Application of "Long Short-Term Memory" and "Convolutional" Neural Networks to Detecting Distributed Denial-of-Service Attacks

Article type: Research article

Authors

1 Assistant Professor, Information Technology Department, Faculty of Computer Engineering, Yazd University

2 Faculty of Computer Engineering, Yazd University, Yazd, Iran

3 Faculty of Computer Engineering, Yazd University, Yazd, Iran

Abstract

Deep learning is an important tool for detecting distributed denial-of-service attacks because of its ability to analyze complex network traffic patterns and to respond automatically in real time. The main issue here, however, is how new the approach is: as a result, a complete examination of the opportunities and challenges in this area, using real implementations or benchmark data samples, has not been carried out. This paper introduces two methods for detecting denial-of-service attacks with deep learning, LSTM and CNN, as well as a new proposed method that combines them. The results show that both LSTM and LSTM-CNN consistently outperform CNN in terms of accuracy, precision, recall, and F1 score. Our investigations showed that CNN can automatically learn features such as packet size, timing, and source/destination addresses from raw network traffic; LSTM, on the other hand, is especially useful for detecting temporal sequence patterns of attacks in network traffic. Moreover, the choice between CNN and LSTM for DDoS detection depends on the specific characteristics of the attack dataset and on the relative importance of spatial and temporal features in identifying DDoS attacks. Finally, challenges such as overfitting, computational complexity, interpretability, data limitations, and adversarial attacks are examined, and the doubts about the results reported in papers can be attributed to problems with the benchmark dataset used, such as poor sample quality in terms of limited size and diversity, lack of labeling, and imbalanced data.

Article title [English]

Using Long Short-Term Memory and Convolutional Neural Networks to Detect Distributed Denial of Service Attacks

Authors [English]

  • S.Mojtaba Matinkhah 1
  • Ali Khakbaz 2
  • Fazlolah Adibnia 3
1 Computer Eng. Department, Yazd University, Yazd, Iran
2 Computer Engineering, Yazd University, Yazd, Iran
3 Computer Eng. Department, Yazd University, Yazd, Iran

Abstract [English]

Deep learning is an essential tool for detecting distributed denial of service (DDoS) attacks due to its ability to analyze complex network traffic patterns and respond in real time. However, a comprehensive examination of the opportunities and challenges in this field is necessary, given its emerging nature. This examination should include real implementations or benchmark data samples. In this paper, we introduce two methods for detecting DDoS attacks: one using Long Short-Term Memory (LSTM) and the other using Convolutional Neural Networks (CNN). Additionally, we propose a new method that combines LSTM and CNN. The results demonstrate that both the LSTM and LSTM-CNN methods consistently outperform CNN in terms of accuracy, precision, recall, and F1 scores. Our investigations reveal that CNN can automatically learn features such as packet size, timing, and source/destination addresses from raw network traffic. On the other hand, LSTM is particularly useful for detecting temporal sequence patterns of attacks in network traffic. The choice between CNN and LSTM for DDoS detection depends on the specific characteristics of the attack dataset and the relative importance of spatial and temporal features in identifying DDoS attacks. Finally, we examine challenges such as overfitting, computational complexity, interpretability, data limitations, and adversarial attacks. Doubts surrounding the reporting of results in the literature can be attributed to problems with the benchmark dataset used, including limited sample size and variety, lack of labeling, and unbalanced data.

Keywords [English]

  • CNN
  • DDoS
  • Deep Learning
  • Machine Learning
  • LSTM