Advancing DDoS Attack Detection: A Synergistic Approach Using Deep Residual Neural Networks and Synthetic Oversampling (2401.03116v1)
Abstract: Distributed Denial of Service (DDoS) attacks pose a significant threat to the stability and reliability of online systems. Effective and early detection of such attacks is pivotal for safeguarding the integrity of networks. In this work, we introduce an enhanced approach for DDoS attack detection by leveraging the capabilities of Deep Residual Neural Networks (ResNets) coupled with synthetic oversampling techniques. Because of the inherent class imbalance in many cyber-security datasets, conventional methods often struggle with false negatives, misclassifying subtle DDoS patterns as benign. By applying the Synthetic Minority Over-sampling Technique (SMOTE) to the CICIDS dataset, we balance the representation of benign and malicious data points, enabling the model to better discern intricate patterns indicative of an attack. Our deep residual network, tailored for this specific task, further refines the detection process. Experimental results on a real-world dataset demonstrate that our approach achieves an accuracy of 99.98%, significantly outperforming traditional methods. This work underscores the potential of combining advanced data augmentation techniques with deep learning models to bolster cyber-security defenses.
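As an added illustration of the oversampling step the abstract describes (not the paper's code), here is a minimal pure-Python SMOTE run over constructed flow records. The feature columns, the sample values, the function names `smote` and `balance`, and the choice of DDoS as the minority class are assumptions made for the example.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Create n_new synthetic rows, each on the segment between a minority
    row and one of its k nearest minority-class neighbours."""
    if len(minority) < 2 or k < 1:
        raise ValueError("SMOTE needs k >= 1 and at least two minority samples")
    rng = random.Random(seed)          # seeded so the output is reproducible
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        # Nearest minority neighbours of `base` (Euclidean), excluding itself.
        # Unscaled features let the largest-range column dominate the distance.
        neighbours = sorted((r for r in minority if r is not base),
                            key=lambda r: math.dist(base, r))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()             # position along base -> other, in [0, 1)
        synthetic.append([b + gap * (o - b) for b, o in zip(base, other)])
    return synthetic

def balance(rows, labels, minority_label, k=3, seed=0):
    """Return new lists in which the minority class matches the majority count."""
    minority = [r for r, y in zip(rows, labels) if y == minority_label]
    deficit = (len(rows) - len(minority)) - len(minority)
    new = smote(minority, max(deficit, 0), k, seed)
    return rows + new, labels + [minority_label] * len(new)

# Constructed sample flows (not taken from CICIDS):
# [flow duration in s, packets per second, mean packet size in bytes]
FLOWS = [
    [12.0, 4.0, 540.0], [30.5, 2.5, 610.0], [8.2, 6.0, 480.0],
    [45.0, 1.8, 720.0], [20.1, 3.2, 590.0], [15.7, 5.1, 505.0],
    [60.3, 1.2, 800.0], [25.4, 2.9, 640.0],
    [0.9, 950.0, 60.0], [1.4, 1200.0, 64.0], [0.6, 1500.0, 58.0],
]
LABELS = ["BENIGN"] * 8 + ["DDoS"] * 3

if __name__ == "__main__":
    X, y = balance(FLOWS, LABELS, "DDoS")
    print({label: y.count(label) for label in set(y)})
```

Because every synthetic row is a convex combination of two real minority rows, oversampling adds density inside the region the minority class already occupies and does not create attack patterns outside it.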