TY - GEN
T1 - A long short-term memory enabled framework for DDoS detection
AU - Liang, Xiaoyu
AU - Znati, Taieb
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/12
Y1 - 2019/12
AB - The proliferation of attack-for-hire services, coupled with the advent of Internet of Things (IoT)-enabled botnets, is driving the increase of the frequency and intensity of Distributed Denial of Service (DDoS) attacks, at an alarming rate. Inspired by the success of machine learning in a variety of fields and domain applications, numerous intelligent schemes have been proposed to effectively defend against and mitigate the impact of these attacks. Traditional machine learning methods, however, are limited by the use of an expensive and error-prone feature engineering process. Feature engineering is fundamental to the application of machine learning, and is both difficult and expensive. Furthermore, the ability of these schemes to successfully detect previously unknown attacks is limited. To address these limitations, a novel DDoS detection scheme, based on Long Short-Term Memory (LSTM), is proposed. The basic tenet of the LSTM scheme is its ability to distinguish between attack and legitimate flows by only examining a relatively small number of a network flow's packets. The performance evaluation results show that the LSTM-based scheme successfully learns the complex flow-level feature representations embedded in raw input traffic. Furthermore, the results show that the scheme performs better than other approaches that use sophisticated flow-level statistical features. Lastly, the results show that the ability of the proposed scheme to accurately capture the dynamic behaviors of unknown network traffic exceeds that of traditional machine learning methods.
KW - DDoS Detection
KW - Deep Learning
KW - LSTM
UR - http://www.scopus.com/inward/record.url?scp=85081979073&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85081979073&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM38437.2019.9013450
DO - 10.1109/GLOBECOM38437.2019.9013450
M3 - Conference contribution
AN - SCOPUS:85081979073
T3 - 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
BT - 2019 IEEE Global Communications Conference, GLOBECOM 2019 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2019 IEEE Global Communications Conference, GLOBECOM 2019
Y2 - 9 December 2019 through 13 December 2019
ER -