research-article

A hybrid deep learning model based low‐rate DoS attack detection method for software defined network

Authors:

Qingyu WuAuthors Info & Claims

Transactions on Emerging Telecommunications Technologies, Volume 33, Issue 5

https://doi.org/10.1002/ett.4443

Published: 27 May 2022 Publication History

Abstract

The low‐rate DoS (LDoS) attack is a new kind of network attack which has the characteristics such as low speed and good concealment. The software defined network, as a new type of network architecture, also faces the threat from LDoS attacks. In this article, we propose a detection method of LDoS attacks based on a hybrid deep learning model CNN‐GRU: the convolutional neural network (CNN) and the gated recurrent unit (GRU). First, we extract field values such as n_packets and n_bytes, from the flow rule, and construct the average numbers of packets and bytes as the input data of the hybrid model. Then, to enhance the detection performance of the hybrid model, we improve the sailfish algorithm to optimize the hyperparameters of CNN and GRU automatically in the training process. Finally, we adopt hyperparameter optimized CNN and GRU to extract deeper spatial and temporal features of input data, respectively, which achieves accurate detection of the LDoS attack. The experimental results demonstrate that the proposed hybrid deep learning model‐based method outperforms other traditional machine learning algorithms in terms of detection efficiency and accuracy.

Graphical Abstract

A hybrid deep learning model based on the convolutional neural network and the gated recurrent unit is designed to detect the low‐rate DoS attack in software defined networks.

References

[1]

He Y, Liu T, Cao Q, Xiong Q, Han Y. A survey of low‐rate denial‐of‐service attacks. J Front Comput Sci Technol. 2008;2(1):1‐19.

[2]

Kuzmanovic A, Knightly EW. Low‐rate TCP‐targeted denial of service attacks and counter strategies. IEEE/ACM Trans Netw. 2006;14(4):683‐696.

Digital Library

[3]

Tang D, Tang L, Shi W, Zhan S, Yang Q. MF‐CNN: a new approach for LDoS attack detection based on multi‐feature fusion and CNN. Mob Netw Appl. 2021;26(4):1705‐1722.

Digital Library

[4]

Tang D, Dai R, Tang L, Zhan S, Man J. Low‐rate dos attack detection based on two‐step cluster analysis. Proceedings of the International Conference on Information and Communications Security; 2018:92‐104; Springer, New York, NY.

[5]

Wen K, Yang J, Zhang B. Survey on research and progress of low‐rate denial of service attacks. J Softw. 2014;25(3):591‐605.

[6]

Kreutz D, Ramos FM, Verissimo PE, Rothenberg CE, Azodolmolky S, Uhlig S. Software‐defined networking: a comprehensive survey. Proc IEEE. 2014;103(1):14‐76.

[7]

Rehmani MH, Davy A, Jennings B, Assi C. Software defined networks‐based smart grid communication: a comprehensive survey. IEEE Commun Surv Tutor. 2019;21(3):2637‐2670.

[8]

Pascoal TA, Dantas YG, Fonseca IE, Nigam V. Slow TCAM exhaustion DDoS attack. Proceedings of the IFIP International Conference on ICT Systems Security and Privacy Protection; 2017:17‐31; Springer, New York, NY.

[9]

LeCun Y, Bengio Y, Hinton G. Deep learning nature. Nature. 2015;521(7553):436‐444.

[10]

Serte S, Serener A, Al‐Turjman F. Deep learning in medical imaging: a brief review. Trans Emerg Telecommun Technol. 2020;e4080.

[11]

Zhang Q, Yang LT, Chen Z, Li P. A survey on deep learning for big data. Inf Fusion. 2018;42:146‐157.

[12]

Acharya UR, Fujita H, Oh SL, Hagiwara Y, Tan JH, Adam M. Application of deep convolutional neural network for automated detection of myocardial infarction using ECG signals. Inf Sci. 2017;415:190‐198.

[13]

Sujitha B, Parvathy VS, Lydia EL, Rani P, Polkowski Z, Shankar K. Optimal deep learning based image compression technique for data transmission on industrial internet of things applications. Trans Emerg Telecommun Technol. 2021;32(7):e3976.

Digital Library

[14]

Liu J, Wu C, Wang J. Gated recurrent units based neural network for time heterogeneous feedback recommendation. Inf Sci. 2018;423:50‐65.

Digital Library

[15]

Hossain MS, Muhammad G. Emotion recognition using deep learning approach from audio–visual emotional big data. Inf Fusion. 2019;49:69‐78.

Digital Library

[16]

Wang Y, Wei X, Shen H, Ding L, Wan J. Robust fusion for RGB‐D tracking using CNN features. Appl Soft Comput. 2020;92:106302.

[17]

Nguyen TT, Hoang TD, Pham MT, et al. Monitoring agriculture areas with satellite images and deep learning. Appl Soft Comput. 2020;95:106565.

[18]

Saleem N, Khattak MI. Multi‐scale decomposition based supervised single channel deep speech enhancement. Appl Soft Comput. 2020;95:106666.

[19]

Cao J, Xu M, Li Q, Sun K, Yang Y, Zheng J. Disrupting sdn via the data plane: a low‐rate flow table overflow attack. Proceedings of the International Conference on Security and Privacy in Communication Systems; 2017:356‐376; Springer, New York, NY.

[20]

Chen H, Chen Y. A novel embedded accelerator for online detection of shrew DDoS attacks. Proceedings of the 2008 International Conference on Networking, Architecture, and Storage; 2008:365‐372; IEEE, Chongqing, China.

[21]

Kwok YK, Tripathi R, Chen Y, Hwang K. HAWK: halting anomalies with weighted choking to rescue well‐behaved TCP sessions from shrew DDoS attacks. Proceedings of the International Conference on Networking and Mobile Computing; 2005:423‐432; Springer, New York, NY.

[22]

Wu Z, Zhang L, Yue M. Low‐rate DoS attacks detection based on network multifractal. IEEE Trans Depend Secure Comput. 2015;13(5):559‐567.

[23]

Wu Z, Wang M, Yan C, Yue M. Low‐rate DoS attack flows filtering based on frequency spectral analysis. China Commun. 2017;14(6):98‐112.

[24]

Wu Z, Pan Q, Yue M, Liu L. Sequence alignment detection of TCP‐targeted synchronous low‐rate DoS attacks. Comput Netw. 2019;152:64‐77.

Digital Library

[25]

Chen Z, Yeo CK, Lee BS, Lau CT. Power spectrum entropy based detection and mitigation of low‐rate DoS attacks. Comput Netw. 2018;136:80‐94.

[26]

Wu ZJ, Pei BS. The detection of LDoS attack based on the model of small signal. Dianzi Xuebao(Acta Electron Sin). 2011;39(6):1456‐1460.

[27]

Pascoal TA, Fonseca IE, Nigam V. Slow denial‐of‐service attacks on software defined networks. Comput Netw. 2020;173:107223. https://doi.org/10.1016/j.ins.2016.10.012

[28]

Sahoo KS, Puthal D, Tiwary M, Rodrigues JJ, Sahoo B, Dash R. An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics. Futur Gener Comput Syst. 2018;89:685‐697.

Digital Library

[29]

Wang W, Ke X, Wang L. A HMM‐R approach to detect L‐DDoS attack adaptively on SDN controller. Future Internet. 2018;10(9):83.

[30]

Zhijun W, Qing X, Jingjie W, Meng Y, Liang L. Low‐rate DDoS attack detection based on factorization machine in software defined network. IEEE Access. 2020;8:17404‐17418.

[31]

Cerda P, Varoquaux G. Encoding high‐cardinality string categorical variables. IEEE Trans Knowl Data Eng. 2020. https://doi.org/10.1109/TKDE.2020.2992529

[32]

Czekaj L, Ziembla W, Jezierski P et al. Labeler‐hot detection of EEG epileptic transients. Proceedings of the 2019 27th European Signal Processing Conference (EUSIPCO); 2019:1‐5; IEEE, A Coruña, Spain.

[33]

Chan FT, Wang Z, Patnaik S, Tiwari M, Wang X, Ruan J. Ensemble‐learning based neural networks for novelty detection in multi‐class systems. Appl Soft Comput. 2020;93:106396.

[34]

Singh D, Singh B. Investigating the impact of data normalization on classification performance. Appl Soft Comput. 2020;97:105524.

[35]

Sun Y, Xue B, Zhang M, Yen GG. A particle swarm optimization‐based flexible convolutional autoencoder for image classification. IEEE Trans Neural Netw Learn Syst. 2018;30(8):2295‐2309.

[36]

Sun Y, Xue B, Zhang M, Yen GG. Evolving deep convolutional neural networks for image classification. IEEE Trans Evol Comput. 2019;24(2):394‐407.

[37]

Yang L, Shami A. On hyperparameter optimization of machine learning algorithms: theory and practice. Neurocomputing. 2020;415:295‐316.

[38]

Shadravan S, Naji H, Bardsiri VK. The sailfish optimizer: a novel nature‐inspired metaheuristic algorithm for solving constrained engineering optimization problems. Eng Appl Artif Intell. 2019;80:20‐34.

Digital Library

[39]

Ghosh KK, Ahmed S, Singh PK, Geem ZW, Sarkar R. Improved binary sailfish optimizer based on adaptive β‐hill climbing for feature selection. IEEE Access. 2020;8:83548‐83560.

[40]

Li H, Liu X, Huang Z, et al. Newly emerging nature‐inspired optimization‐algorithm review, unified framework, evaluation, and behavioural parameter optimization. IEEE Access. 2020;8:72620‐72649.

[41]

Arora S, Anand P. Chaotic grasshopper optimization algorithm for global optimization. Neural Comput Appl. 2019;31(8):4385‐4405.

Digital Library

[42]

Vinayakumar R, Alazab M, Soman K, Poornachandran P, Al‐Nemrat A, Venkatraman S. Deep learning approach for intelligent intrusion detection system. IEEE Access. 2019;7:41525‐41550.

[43]

Hassan MM, Gumaei A, Alsanad A, Alrubaian M, Fortino G. A hybrid deep learning model for efficient intrusion detection in big data environment. Inf Sci. 2020;513:386‐396.

Digital Library

[44]

Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur. 2012;31(3):357‐374.

Digital Library

[45]

Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA. Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. Proceedings of the 2019 International Carnahan Conference on Security Technology (ICCST); 2019:1‐8; IEEE, Chennai, India.

[46]

Long J, Zhang S, Li C. Evolving deep echo state networks for intelligent fault diagnosis. IEEE Trans Ind Inform. 2019;16(7):4928‐4937.

[47]

Pektaş A, Acarman T. A deep learning method to detect network intrusion through flow‐based features. Int J Netw Manag. 2019;29(3):e2050.

Digital Library

[48]

Asad M, Asim M, Javed T, Beg MO, Mujtaba H, Abbas S. Deepdetect: detection of distributed denial of service attacks using deep learning. Comput J. 2020;63(7):983‐994.

Cited By

Sekaran KLawrence S(2024)Mutation boosted salp swarm optimizer meets rough set theoryTransactions on Emerging Telecommunications Technologies10.1002/ett.495335:3Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1002/ett.4953
Lin SZhang KGuan DHe LChen Y(2023)An intrusion detection method based on granular autoencodersJournal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology10.3233/JIFS-22364944:5(8413-8424)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.3233/JIFS-223649

Index Terms

A hybrid deep learning model based low‐rate DoS attack detection method for software defined network

Index terms have been assigned to the content through auto-classification.

Recommendations

Characterization, Detection and Mitigation of Low-Rate DoS attack
ICTCS '14: Proceedings of the 2014 International Conference on Information and Communication Technology for Competitive Strategies

Now a day's web services become key aspect of life. Unfortunately there are several threats to these services. These threats are phishing, e-mail borne viruses, Trojan horse programs, Denial of Service etc. Among of them Distributed Denial of Service ...
Survey of low rate DoS attack detection mechanisms
ICWET '11: Proceedings of the International Conference & Workshop on Emerging Trends in Technology

As opposed to the conventional DoS attacks, Low rate DOS attacker injects a short burst of traffic periodically to fill up the bottleneck buffers right before the expiration of the sender's RTO. This forces the sender's TCP connections to timeout with ...
Low-Rate DoS Attack Detection Based on Two-Step Cluster Analysis
Information and Communications Security
Abstract
The low-rate denial of service (LDoS) attacks reduce the throughput of TCP traffic by sending high rate and short duration bursts periodically to the victim. Although many LDoS attack detection methods have been proposed, LDoS attacks are still ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Transactions on Emerging Telecommunications Technologies

Transactions on Emerging Telecommunications Technologies Volume 33, Issue 5

May 2022

629 pages

EISSN:2161-3915

DOI:10.1002/ett.v33.5

Issue’s Table of Contents

© 2022 John Wiley & Sons, Ltd.

Publisher

John Wiley & Sons, Inc.

United States

Publication History

Published: 27 May 2022

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Sekaran KLawrence S(2024)Mutation boosted salp swarm optimizer meets rough set theoryTransactions on Emerging Telecommunications Technologies10.1002/ett.495335:3Online publication date: 11-Mar-2024
https://dl.acm.org/doi/10.1002/ett.4953
Lin SZhang KGuan DHe LChen Y(2023)An intrusion detection method based on granular autoencodersJournal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology10.3233/JIFS-22364944:5(8413-8424)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.3233/JIFS-223649

View Options

View options

Figures

Tables

Media

View Issue’s Table of Contents