research-article

DAD-MCNN: DDoS Attack Detection via Multi-channel CNN

Authors:

Zhen WangAuthors Info & Claims

ICMLC '19: Proceedings of the 2019 11th International Conference on Machine Learning and Computing

Pages 484 - 488

https://doi.org/10.1145/3318299.3318329

Published: 22 February 2019 Publication History

Abstract

With the continuous development of web services, the web security becomes more and more important. Distributed Denial of Service (DDoS) attack as one of the most common form of attacks, has produced serious economic damages. DDoS attack detection as one of main defense methods is suffered increasing attention by researchers. Most of them use machine learning methods to make good detection performance. However, there are still gaps between real detection rate and expected one, conventional machine learning methods are limited compared with deep learning. In this paper, we propose DAD-MCNN, a multi-channel CNN(MC-CNN) based DDoS attack detection framework, which can fully utilize information from a huge amount of network packages and set up an earlier warning system. Our contributions can be summarized as follows: (1) we propose a new preprocessing method for the network dataset. (2) MC-CNN is applied to detect DDoS attack and the detection result is decided by data in respective channels. (3) We use incremental training method to optimize training procedures and time in MC-CNN. (4) The experiment result shows that MC-CNN has the highest accuracy compared with conventional machine learning methods. The result also proves that our approach has performed well not only in DDoS attack detection but also in other anomaly attack detection.

References

[1]

Douligeris, C. and Mitrokotsa, A. 2003. DDoS attacks and defense mechanisms: a classification. In Proceedings of the 3rd IEEE International Symposium on Signal Processing and Information Technology, 2003. ISSPIT 2003. IEEE, 190--193.

[2]

Zhou, W., Jia, W., Wen, S., Xiang, Y., and Zhou, W. 2014. Detection and defense of application-layer DDoS attacks in backbone web traffic. Future Generation Computer Systems 38, 36--46.

[3]

Spyridopoulos, T., Karanikas, G., Tryfonas, T., Oikonomou, G., and Security 2013. A game theoretic defence framework against DoS/DDoS cyber attacks. Computers 38, 39--50.

Digital Library

[4]

Han, Y., He, F., Tan, X., and Yu, H. 2017. Effective small interfering RNA design based on convolutional neural network. In 2017 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), 16--21.

[5]

Shi, H., Ushio, T., Endo, M., Yamagami, K., and Horii, N. 2016. A multichannel convolutional neural network for cross-language dialog state tracking. In 2016 IEEE Spoken Language Technology Workshop (SLT), 559--564.

[6]

Xu, X., Sun, Y., and Huang, Z. 2007. Defending DDoS attacks using hidden Markov models and cooperative reinforcement learning. In Pacific-Asia Workshop on Intelligence and Security Informatics Springer, 196--207.

Digital Library

[7]

Berral, J.L., Poggi, N., Alonso, J., Gavalda, R., Torres, J., and Parashar, M. 2008. Adaptive distributed mechanism against flooding network attacks based on machine learning. In Proceedings of the 1st ACM workshop on Workshop on AISec ACM, 43--50.

Digital Library

[8]

Manikopoulos, C. and Papavassiliou, S. 2002. Network intrusion and fault detection: a statistical anomaly approach. IEEE Communications Magazine 40, 10, 76--82.

Digital Library

[9]

Hsieh, C.-J. and Chan, T.-Y. 2016. Detection DDoS attacks based on neural-network using Apache Spark. In 2016 International Conference on Applied System Innovation (ICASI), IEEE, 1--4.

[10]

Zhao, T., Lo, D.C.-T., and Qian, K. 2015. A neural-network based DDoS detection system using hadoop and HBase. In High Performance Computing and Communications (HPCC)

Digital Library

[11]

Yuan, X., Li, C., and Li, X. 2017. DeepDefense: Identifying DDoS Attack via Deep Learning. In 2017 IEEE International Conference on Smart Computing (SMARTCOMP) IEEE, 1--8.

[12]

Jaderberg, M., Vedaldi, A., and Zisserman, A. 2014. Deep features for text spotting. In European conference on computer vision Springer, 512--528.

[13]

Farabet, C., Couprie, C., Najman, L., Lecun, Y., and Intelligence, M. 2013. Learning hierarchical features for scene labeling. IEEE transactions on pattern analysis 35, 8, 1915--1929.

Digital Library

[14]

Lecun, Y., Bottou, L., Bengio, Y., and Haffner, P. 1998. Gradient-based learning applied to document recognition. Proceedings of the IEEE 86, 11, 2278--2324.

[15]

Cup, K.: Dataset. available at the following website http://kdd. ics. uci. edu/databases/kddcup99/kddcup99. html 72 (1999).

[16]

Gharib, A., Sharafaldin, I., Lashkari, A.H., and Ghorbani, A.A. 2016. An evaluation framework for intrusion detection dataset. In 2016 International Conference on Information Science and Security (ICISS), 1--6

Cited By

Tiwari AKumar D(2024)Sentinel Shield: Leveraging ConvLSTM and Elephant Herd Optimization for Advanced Network Intrusion DetectionICST Transactions on Scalable Information Systems10.4108/eetsis.573711:6Online publication date: 26-Jun-2024
https://doi.org/10.4108/eetsis.5737
Rivas POrduz JJui TDeCusatis CKhanal B(2024)Quantum-Enhanced Representation Learning: A Quanvolutional Autoencoder Approach against DDoS ThreatsMachine Learning and Knowledge Extraction10.3390/make60200446:2(944-964)Online publication date: 1-May-2024
https://doi.org/10.3390/make6020044
Anley MGenovese AAgostinello DPiuri V(2024)Robust DDoS attack detection with adaptive transfer learningComputers & Security10.1016/j.cose.2024.103962144(103962)Online publication date: Sep-2024
https://doi.org/10.1016/j.cose.2024.103962
Show More Cited By

Index Terms

DAD-MCNN: DDoS Attack Detection via Multi-channel CNN
1. Networks
  1. Network properties
    1. Network security
      1. Denial-of-service attacks

Recommendations

Software-defined DDoS detection with information entropy analysis and optimized deep learning
Abstract
Software Defined Networking (SDN) decouples the control plane and the data plane and solves the difficulty of new services deployment. However, the threat of a single point of failure is also introduced at the same time. Attackers ...
Graphical abstract

Display Omitted
Highlights
- A two-level DDoS attack detection method based on information entropy and deep learning in the context of SDN.
A novel framework of DDoS attack detection in network using hybrid heuristic deep learning approaches with attention mechanism

The “Distributed Denial of Service (DDoS)” threats have become a tool for the hackers, cyber swindlers, and cyber terrorists. Despite the high amount of conventional mitigation mechanisms that are present nowadays, the DDoS threats continue to enhance in ...
Real-time DDoS attack detection using FPGA

A real-time DDoS attack detection method should identify attacks with low computational overhead. Although a large number of statistical methods have been designed for DDoS attack detection, real-time statistical solution to detect DDoS attacks in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICMLC '19: Proceedings of the 2019 11th International Conference on Machine Learning and Computing

February 2019

563 pages

ISBN:9781450366007

DOI:10.1145/3318299

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Southwest Jiaotong University

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 February 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICMLC '19

ICMLC '19: 2019 11th International Conference on Machine Learning and Computing

February 22 - 24, 2019

Zhuhai, China

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
422
Total Downloads

Downloads (Last 12 months)58
Downloads (Last 6 weeks)2

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Tiwari AKumar D(2024)Sentinel Shield: Leveraging ConvLSTM and Elephant Herd Optimization for Advanced Network Intrusion DetectionICST Transactions on Scalable Information Systems10.4108/eetsis.573711:6Online publication date: 26-Jun-2024
https://doi.org/10.4108/eetsis.5737
Rivas POrduz JJui TDeCusatis CKhanal B(2024)Quantum-Enhanced Representation Learning: A Quanvolutional Autoencoder Approach against DDoS ThreatsMachine Learning and Knowledge Extraction10.3390/make60200446:2(944-964)Online publication date: 1-May-2024
https://doi.org/10.3390/make6020044
Anley MGenovese AAgostinello DPiuri V(2024)Robust DDoS attack detection with adaptive transfer learningComputers & Security10.1016/j.cose.2024.103962144(103962)Online publication date: Sep-2024
https://doi.org/10.1016/j.cose.2024.103962
Shieh CNguyen THorng M(2023)Detection of Unknown DDoS Attack Using Convolutional Neural Networks Featuring Geometrical MetricMathematics10.3390/math1109214511:9(2145)Online publication date: 3-May-2023
https://doi.org/10.3390/math11092145
Ali TChong YManickam S(2023)Machine Learning Techniques to Detect a DDoS Attack in SDN: A Systematic ReviewApplied Sciences10.3390/app1305318313:5(3183)Online publication date: 2-Mar-2023
https://doi.org/10.3390/app13053183
Kaniški MDobša JKermek D(2023)Deep Learning within the Web Application Security Scope – Literature Review2023 46th MIPRO ICT and Electronics Convention (MIPRO)10.23919/MIPRO57284.2023.10159847(1195-1200)Online publication date: 22-May-2023
https://doi.org/10.23919/MIPRO57284.2023.10159847
Fox GBoppana R(2023)On Early Detection of Anomalous Network FlowsIEEE Access10.1109/ACCESS.2023.329168611(68588-68603)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3291686
Mallampati SSeetha HBatchu R(2023)PCB-LGBM: A Hybrid Feature Selection by Pearson Correlation and Boruta-LGBM for Intrusion Detection SystemsProceedings of International Conference on Computational Intelligence and Data Engineering10.1007/978-981-99-0609-3_37(523-533)Online publication date: 18-Jun-2023
https://doi.org/10.1007/978-981-99-0609-3_37
Najafimehr MZarifzadeh SMostafavi S(2023)DDoS attacks and machine‐learning‐based detection methods: A survey and taxonomyEngineering Reports10.1002/eng2.126975:12Online publication date: 30-May-2023
https://doi.org/10.1002/eng2.12697
Ali R(2022)Detection of DDoS attack in cloud computing and its prevention: a systematic reviewi-manager’s Journal on Cloud Computing10.26634/jcc.9.1.185429:1(1)Online publication date: 2022
https://doi.org/10.26634/jcc.9.1.18542
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents