Applying AI-based techniques for DDoS anomaly detection and classification using large-scale datasets : a thesis submitted in partial fulfilment of the requirements for the degree of Doctor of Philosophy (Ph.D.) in Computer Science, Massey University

Date
2024-01-11
Publisher
Massey University
Rights
The Author
Abstract
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by flooding the target or its surrounding infrastructure with more traffic than it can handle. DDoS attacks also exploit security weaknesses in network devices to propagate, which creates serious risks including data loss and financial damage. To identify and mitigate DDoS attacks, Artificial Intelligence (AI)-based techniques (e.g. machine learning or deep learning) can be deployed to improve decision-making in networked infrastructures and so enhance their reliability, interoperability, trust, security, and stability. Many of the detection frameworks for DDoS attacks proposed to date suffer from low detection rates, high false alarm rates, and a lack of scalability. In this context it is important to apply AI-based classification and anomaly detection techniques that can detect, prevent, and mitigate DDoS attacks. This research focuses on the detection of DDoS attacks. Traditional shallow machine learning techniques for DDoS attack classification tend to become ineffective as the volume and the number of features of network traffic, which may carry malicious DDoS payloads, grow exponentially, because such techniques cannot extract high-importance features automatically. To overcome this limitation, we first investigate the classification of different DDoS attacks with a hybrid deep learning technique that combines an Autoencoder (AE) and a Multi-Layer Perceptron (MLP): the autoencoder extracts the most important features, and these are fed into the classifier to obtain a multi-class classification of the different DDoS attacks.
Next, we present a hybrid deep learning anomaly detection technique, Long Short-Term Memory Autoencoder (LSTM-AE), that operates on multivariate time series sequences and can effectively detect potential DDoS attacks. We evaluate the effectiveness of both the DDoS attack classification and the anomaly detection. To assess whether the proposed hybrid anomaly detection generalises beyond network traffic, we apply the LSTM-AE technique to real-world IoT sensor data: the Indoor Air Quality (IAQ) dataset collected by SKOol MOnitoring BOx (SKOMOBO) units deployed at scale across classrooms of primary schools in New Zealand. We show that the proposed hybrid deep learning techniques effectively detect anomalies in this large-scale IoT dataset. Finally, the outputs of machine learning and deep learning models lack transparency, which makes it hard both to explain the results to users and to establish trust in them. To address this, we propose a framework that efficiently classifies legitimate and malicious traffic and explains the decision-making of the machine learning/deep learning models using Explainable Artificial Intelligence (XAI) techniques.
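The anomaly detection pipeline the abstract describes (window a multivariate series, train an autoencoder on benign data only, calibrate a reconstruction-error threshold on held-out benign data, then report detection rate and false alarm rate) is shown below as an added, self-contained example. It is not the thesis's code: a tiny linear autoencoder trained with plain SGD stands in for the LSTM-AE so that it runs without any ML library, the window width and bottleneck size are assumptions, and the per-second flow statistics (packets/s, bytes/s, SYN ratio) are constructed, not captured traffic.

```python
"""Reconstruction-error anomaly detection on windowed multivariate traffic features.

Added illustration, not the thesis's implementation: a linear autoencoder
trained by SGD stands in for the LSTM-AE. The windowing, benign-only training,
threshold calibration and detection-rate / false-alarm-rate evaluation are the
parts the abstract describes. All traffic data is constructed (synthetic).
"""
import math
import random

random.seed(7)

WINDOW = 3   # time steps per sequence (assumption)
CODE = 2     # bottleneck width of the autoencoder (assumption)


def make_series(n, attack=False, rng=random):
    """Constructed per-second flow statistics: (packets/s, bytes/s, SYN ratio).
    Benign traffic is a slow sinusoid plus noise; a SYN flood sends ten times
    as many packets, which are small, with a SYN ratio near 1."""
    rows = []
    for t in range(n):
        pkts = 100 + 20 * math.sin(t / 30.0) + rng.gauss(0, 5)
        bytes_ = 500 * pkts + rng.gauss(0, 500)
        syn = 0.10 + rng.gauss(0, 0.02)
        if attack:
            pkts *= 10
            bytes_ = 60 * pkts + rng.gauss(0, 500)
            syn = 0.90 + rng.gauss(0, 0.02)
        rows.append([pkts, bytes_, syn])
    return rows


def windows(rows, w=WINDOW):
    """Flatten each sliding window of w consecutive rows into one feature vector."""
    return [sum(rows[i:i + w], []) for i in range(len(rows) - w + 1)]


class Scaler:
    """Standardise every feature using statistics of the benign training windows."""
    def __init__(self, X):
        n, d = len(X), len(X[0])
        self.mu = [sum(x[j] for x in X) / n for j in range(d)]
        self.sd = [max((sum((x[j] - self.mu[j]) ** 2 for x in X) / n) ** 0.5, 1e-9)
                   for j in range(d)]

    def __call__(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]


class LinearAE:
    """Encoder E (code x d) and decoder D (d x code), trained by SGD on squared error."""
    def __init__(self, d, code=CODE, rng=random):
        self.E = [[rng.uniform(-0.1, 0.1) for _ in range(d)] for _ in range(code)]
        self.D = [[rng.uniform(-0.1, 0.1) for _ in range(code)] for _ in range(d)]

    def forward(self, x):
        h = [sum(w * v for w, v in zip(row, x)) for row in self.E]
        xhat = [sum(w * v for w, v in zip(row, h)) for row in self.D]
        return h, xhat

    def error(self, x):
        """Mean squared reconstruction error: the anomaly score."""
        _, xhat = self.forward(x)
        return sum((a - b) ** 2 for a, b in zip(xhat, x)) / len(x)

    def fit(self, X, epochs=30, lr=0.01, rng=random):
        for _ in range(epochs):
            order = list(range(len(X)))
            rng.shuffle(order)
            for i in order:
                x = X[i]
                h, xhat = self.forward(x)
                g = [2 * (a - b) for a, b in zip(xhat, x)]            # dL/dxhat
                dh = [sum(self.D[j][k] * g[j] for j in range(len(x)))  # dL/dh
                      for k in range(len(h))]
                for j in range(len(x)):                                # dL/dD = g h^T
                    for k in range(len(h)):
                        self.D[j][k] -= lr * g[j] * h[k]
                for k in range(len(h)):                                # dL/dE = dh x^T
                    for j in range(len(x)):
                        self.E[k][j] -= lr * dh[k] * x[j]


def threshold(errors, q=0.99):
    """Alarm threshold: the q-quantile of reconstruction error on held-out benign data."""
    s = sorted(errors)
    return s[min(int(q * len(s)), len(s) - 1)]


def evaluate(model, thr, benign_windows, attack_windows):
    """Detection rate (TPR) and false alarm rate (FPR) at the calibrated threshold."""
    fp = sum(model.error(x) > thr for x in benign_windows)
    tp = sum(model.error(x) > thr for x in attack_windows)
    return {"detection_rate": tp / len(attack_windows),
            "false_alarm_rate": fp / len(benign_windows)}


def run():
    train, val, test_benign = make_series(600), make_series(200), make_series(200)
    test_attack = make_series(60, attack=True)
    scaler = Scaler(windows(train))
    X_train = [scaler(x) for x in windows(train)]
    model = LinearAE(len(X_train[0]))
    model.fit(X_train)                       # benign traffic only
    thr = threshold([model.error(scaler(x)) for x in windows(val)])
    return evaluate(model, thr,
                    [scaler(x) for x in windows(test_benign)],
                    [scaler(x) for x in windows(test_attack)])


if __name__ == "__main__":
    print(run())
```

The threshold is set on a benign validation split, never on the attack data, so the false alarm rate is fixed in advance (about 1% at the 0.99 quantile) and the detection rate is what the model earns; swapping the linear encoder/decoder for an LSTM changes the model, not this calibration and evaluation logic.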
Keywords
cybersecurity, machine learning, deep learning, anomaly detection, classification, explainable artificial intelligence