A deep learning approach for detection of DDoS attacks

Abstract

Despite its numerous benefits, the Internet is prone to various crimes such as misinformation dissemination, hacking, and attacks. A Denial of Service (DoS) attack is a type of attack that prevents access to online services. If the attack is carried out using one machine, it is referred to as a DoS attack. To mitigate these consequences, it is essential to have a method of detecting DDoS attacks. Although there are many security solutions available, the attackers frequent changes in attack methods pose a challenge for security systems to remain up-to-date. Additionally, existing Machine Learning (ML) strategies are limited to known attack patterns and require annotated data. The existing prominent research in network security has heavily relied on publicly available simulated datasets to test defense mechanisms. Further, the significant increase in network traffic volume over time has caused most existing DDoS defense solutions to fail, as they have not been validated on large volumes of traffic. Additionally, many existing datasets have been created through simulation, and those generated through emulation do not adequately represent a diverse range of attack types. The thesis s 1st contribution involves performing a systematic review of the literature on DL-based detection systems. The objective is to categorize state-of-the-art Deep Learning (DL) methods for identifying Distributed Denial of Service (DDoS) attacks according to common criteria. The 2nd contribution of this thesis involves examining and comparing datasets from 2011 to 2021. This analysis is useful for presenting taxonomy of DDoS attacks and developing a Testbed (TB) for the DDoS attacks at the Application and Transport layer 2022 (DDoSAT-2022) dataset. The 3rd contribution involves developing a method to detect DDoS attacks using DL algorithms and features from two datasets - CICDDoS2019 and DDoS-AT-2022. newline