GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

Distributed denial of service (DDoS) attacks are the most common means of cyberattacks against infrastructure, and detection is the first step in combating them. The current DDoS detection mainly uses the improvement or fusion of machine learning and deep learning methods to improve classification p...

Bibliographic Details
Main authors: Guo, Wei; Qiu, Han; Liu, Zimian; Zhu, Junhu; Wang, Qingxian
Format: Online Article Text
Language: English
Published: Hindawi 2022
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9398712/
https://www.ncbi.nlm.nih.gov/pubmed/36017461
http://dx.doi.org/10.1155/2022/4611331
_version_ 1784772374517776384
author Guo, Wei
Qiu, Han
Liu, Zimian
Zhu, Junhu
Wang, Qingxian
author_sort Guo, Wei
collection PubMed
description Distributed denial of service (DDoS) attacks are the most common means of cyberattacks against infrastructure, and detection is the first step in combating them. The current DDoS detection mainly uses the improvement or fusion of machine learning and deep learning methods to improve classification performance. However, most classifiers are trained with statistical flow features as input, ignoring topological connection changes. This one-sidedness affects the detection accuracy and cannot provide a basis for the distribution of attack sources for defense deployment. In this study, we propose a topological and flow feature-based deep learning method (GLD-Net), which simultaneously extracts flow and topological features from time-series flow data and exploits graph attention network (GAT) to mine correlations between non-Euclidean features to fuse flow and topological features. The long short-term memory (LSTM) network connected behind GAT obtains the node neighborhood relationship, and the fully connected layer is utilized to achieve feature dimension reduction and traffic type mapping. Experiments on the NSL-KDD2009 and CIC-IDS2017 datasets show that the detection accuracy of the GLD-Net method for two classifications (normal and DDoS flow) and three classifications (normal, fast DDoS flow, and slow DDoS flow) reaches 0.993 and 0.942, respectively. Compared with the existing DDoS attack detection methods, its average improvement is 0.11 and 0.081, respectively. In addition, the correlation coefficient between the detection accuracy of attack flow and the four source distribution indicators ranges from 0.7 to 0.83, which lays a foundation for the inference of attack source distribution. Notably, we are the first to fuse topology and flow features and achieve high-performance DDoS attack intrusion detection through graph-style neural networks. 
This study has important implications for related research and development of network security systems in other fields.
format Online
Article
Text
id pubmed-9398712
institution National Center for Biotechnology Information
language English
publishDate 2022
publisher Hindawi
record_format MEDLINE/PubMed
spelling pubmed-9398712 2022-08-24 GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion Guo, Wei Qiu, Han Liu, Zimian Zhu, Junhu Wang, Qingxian Comput Intell Neurosci Research Article Hindawi 2022-08-16 /pmc/articles/PMC9398712/ /pubmed/36017461 http://dx.doi.org/10.1155/2022/4611331 Text en Copyright © 2022 Wei Guo et al. https://creativecommons.org/licenses/by/4.0/ This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
title GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion
topic Research Article