A long short-term memory enabled framework for DDoS detection

Xiaoyu Liang, Taieb Znati

Research output: Chapter in Book/Report/Conference proceedingConference contribution

41 Citations (Scopus)


The proliferation of attack-for-hire services, coupled with the advent of Internet of Things (IoT)-enabled botnets, is driving the increase of the frequency and intensity of Distributed Denial of Services (DDoS) attacks, at an alarming rate. Inspired by the success of machine learning in a variety of fields and domain applications, numerous intelligent schemes have been proposed to effectively defend against and mitigate the impact of these attacks. Traditional machine learning methods, however, are limited by the use of an expensive and error-prone feature engineering process. Feature engineering is fundamental to the application of machine learning, and is both difficult and expensive. Furthermore, the ability of these schemes to successfully detect previously unknown attacks is limited. To address these limitations, a novel DDoS detection scheme, based on Long Short-Term Memory (LSTM), is proposed. The basic tenet of the LSTM scheme is its ability to distinguish between attack and legitimate flows by only examining a relatively small number of a network flow packets. The performance evaluation results show that the LSTM-based scheme successfully learns the complex flow-level feature representations embedded in raw input traffic. Furthermore, the results show that the scheme performs better than other approaches that use sophisticated flow-level statistical features. Lastly, the results show the ability of the proposed scheme to accurately capture the dynamic behaviors of unknown network traffic exceeds that of traditional machine learning methods.

Original languageEnglish
Title of host publication2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781728109626
Publication statusPublished - Dec 2019
Externally publishedYes
Event2019 IEEE Global Communications Conference, GLOBECOM 2019 - Waikoloa, United States
Duration: Dec 9 2019Dec 13 2019

Publication series

Name2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings


Conference2019 IEEE Global Communications Conference, GLOBECOM 2019
Country/TerritoryUnited States


  • DDoS Detection
  • Deep Learning
  • LSTM

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Information Systems
  • Signal Processing
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
  • Media Technology
  • Health Informatics


Dive into the research topics of 'A long short-term memory enabled framework for DDoS detection'. Together they form a unique fingerprint.

Cite this