Article

Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model

1 Department of Electronic Engineering, National Kaohsiung University of Science and Technology, Kaohsiung 807618, Taiwan
2 Genie Networks Ltd., Taipei 11444, Taiwan
* Author to whom correspondence should be addressed.
Academic Editor: Eui-Nam Huh
Appl. Sci. 2021, 11(11), 5213; https://doi.org/10.3390/app11115213
Received: 6 May 2021 / Revised: 28 May 2021 / Accepted: 1 June 2021 / Published: 4 June 2021
DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue that must be solved before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems: the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks, since DDoS attack technology keeps evolving and its traffic characteristics keep changing. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM is subject to discrimination and labeling by traffic engineers, and is then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experimental results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks.
Keywords: distributed denial of service (DDoS); machine learning; long short-term memory (LSTM); gaussian mixture model; incremental learning
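The open-set rejection and feedback loop described in the abstract can be sketched as follows; this is an added example, not code from the paper or its authors. It assumes constructed 2-D feature vectors standing in for BI-LSTM outputs, one diagonal Gaussian per labelled class instead of an EM-fitted mixture, a 1% likelihood quantile as the rejection threshold, and hypothetical class names.

```python
import math
import random

def fit_component(rows):
    """Diagonal Gaussian (means, variances, sample count) for one labelled class."""
    n, dims = len(rows), range(len(rows[0]))
    mean = [sum(r[d] for r in rows) / n for d in dims]
    var = [max(sum((r[d] - mean[d]) ** 2 for r in rows) / n, 1e-6) for d in dims]
    return mean, var, n

def log_likelihood(x, comps):
    """Log density of x under the mixture; weights are class sample shares."""
    total = sum(n for _, _, n in comps)
    logs = [math.log(n / total) - 0.5 * sum(
                math.log(2 * math.pi * v) + (xi - m) ** 2 / v
                for xi, m, v in zip(x, mean, var))
            for mean, var, n in comps]
    top = max(logs)
    return top + math.log(sum(math.exp(l - top) for l in logs))  # log-sum-exp

class OpenSetGMM:
    def __init__(self, quantile=0.01):  # assumed cut-off: lowest 1% of training scores
        self.quantile, self.data = quantile, {}

    def learn(self, label, rows):
        """Add a labelled class, then refit the mixture and the threshold."""
        self.data.setdefault(label, []).extend(rows)
        self.comps = [fit_component(r) for r in self.data.values()]
        scores = sorted(log_likelihood(x, self.comps)
                        for r in self.data.values() for x in r)
        self.threshold = scores[int(self.quantile * len(scores))]

    def is_unknown(self, x):
        return log_likelihood(x, self.comps) < self.threshold

def cluster(rng, centre, n=200, spread=0.5):
    """Constructed 2-D feature vectors standing in for BI-LSTM outputs."""
    return [[rng.gauss(c, spread) for c in centre] for _ in range(n)]

def demo():
    rng = random.Random(7)  # fixed seed so the constructed data is repeatable
    model = OpenSetGMM()
    model.learn("benign", cluster(rng, (0.0, 0.0)))
    model.learn("known_ddos", cluster(rng, (4.0, 4.0)))
    novel = cluster(rng, (-4.0, 5.0), n=50)  # attack type never seen in training
    before = sum(model.is_unknown(x) for x in novel)
    model.learn("new_ddos", novel)  # engineer-labelled samples fed back
    after = sum(model.is_unknown(x) for x in novel)
    return before, after
```

`demo()` returns how many of the 50 novel samples are flagged as unknown before and after the labelled feedback is added.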
MDPI and ACS Style

Shieh, C.-S.; Lin, W.-W.; Nguyen, T.-T.; Chen, C.-H.; Horng, M.-F.; Miu, D. Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model. Appl. Sci. 2021, 11, 5213. https://doi.org/10.3390/app11115213

AMA Style

Shieh C-S, Lin W-W, Nguyen T-T, Chen C-H, Horng M-F, Miu D. Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model. Applied Sciences. 2021; 11(11):5213. https://doi.org/10.3390/app11115213

Chicago/Turabian Style

Shieh, Chin-Shiuh, Wan-Wei Lin, Thanh-Tuan Nguyen, Chi-Hong Chen, Mong-Fong Horng, and Denis Miu. 2021. "Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model" Applied Sciences 11, no. 11: 5213. https://doi.org/10.3390/app11115213
