An MLP-based Deep Learning Approach for Detecting DDoS Attacks

Article type: Research article

Authors

1 Department of Computer Science, University of Sistan and Baluchestan, Zahedan, Iran

2 Department of Computer Engineering, University of Mazandaran, Babolsar, Iran

Abstract

Distributed Denial of Service (DDoS) attacks are among the primary concerns in internet security today. Machine learning can be used to detect such attacks. In this paper, a multi-layer perceptron (MLP) model is proposed and implemented using deep learning to distinguish between malicious and normal traffic based on their behavioral patterns. The proposed model is trained and tested using the CICDDoS2019 dataset. To remove irrelevant and redundant data from the dataset and increase learning accuracy, feature selection is used to select and extract the most effective features for detecting these attacks. Moreover, the grid search algorithm is used to find optimum values of the model's hyperparameters within the parameter space. In addition, the sensitivity of the model's accuracy to variations in an input parameter is analyzed. Finally, the effectiveness of the presented model is validated by comparison with several state-of-the-art works.


Authors [English]

  • M. VASOUJOUYBARI 1
  • E. Ataie 2
  • M. Bastam 2
1 Department of Computer Science, University of Sistan and Baluchestan, Zahedan, Iran
2 Department of Computer Engineering, Faculty of Engineering and Technology, University of Mazandaran, Babolsar, Iran
Keywords [English]

  • Distributed denial of service
  • Network security
  • Machine learning
  • Multi-layer perceptron
  • CICDDoS2019