A long short-term memory enabled framework for DDoS detection

Xiaoyu Liang, Taieb Znati

Research output: Contribution to journalConference articlepeer-review

43 Citations (Scopus)


The proliferation of attack-for-hire services, coupled with the advent of Internet of Things (IoT)-enabled botnets, is driving the increase of the frequency and intensity of Distributed Denial of Services (DDoS) attacks, at an alarming rate. Inspired by the success of machine learning in a variety of fields and domain applications, numerous intelligent schemes have been proposed to effectively defend against and mitigate the impact of these attacks. Traditional machine learning methods, however, are limited by the use of an expensive and error-prone feature engineering process. Feature engineering is fundamental to the application of machine learning, and is both difficult and expensive. Furthermore, the ability of these schemes to successfully detect previously unknown attacks is limited. To address these limitations, a novel DDoS detection scheme, based on Long Short-Term Memory (LSTM), is proposed. The basic tenet of the LSTM scheme is its ability to distinguish between attack and legitimate flows by only examining a relatively small number of a network flow packets. The performance evaluation results show that the LSTM-based scheme successfully learns the complex flow-level feature representations embedded in raw input traffic. Furthermore, the results show that the scheme performs better than other approaches that use sophisticated flow-level statistical features. Lastly, the results show the ability of the proposed scheme to accurately capture the dynamic behaviors of unknown network traffic exceeds that of traditional machine learning methods.

Original languageEnglish
Article number9013450
JournalProceedings - IEEE Global Communications Conference, GLOBECOM
Publication statusPublished - 2019
Externally publishedYes
Event2019 IEEE Global Communications Conference, GLOBECOM 2019 - Waikoloa, United States
Duration: Dec 9 2019Dec 13 2019


  • DDoS Detection
  • Deep Learning
  • LSTM

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing


Dive into the research topics of 'A long short-term memory enabled framework for DDoS detection'. Together they form a unique fingerprint.

Cite this