Binary classification of low-rate DoS attacks using Long Short-Term Memory Feed-forward (LSTM-FF) Intrusion Detection System (IDS)

The data and size of networks have grown substantially due to the rapid development of the Internet and other communication techniques. This has led to the development of numerous new types of attacks, making it harder for network security to detect intrusions accurately. The goal of a Denial of Service (DoS) attack is to overwhelm a target with malicious traffic, exhausting its processing power and network bandwidth. Traditional DoS attacks rely on brute force techniques, making them easier to detect, whereas low-rate and slow attacks pose a greater threat due to their stealthy nature. These attacks target application or server resources with a prolonged trickle of traffic, requiring minimal bandwidth yet making mitigation challenging. Their low resource footprint allows them to degrade or deny service to legitimate users while remaining undetected for extended periods. This research introduces an advanced Intrusion Detection System (IDS) that utilizes a hybrid Long Short-Term Memory Feedforward (LSTM-FF) Neural Network to tackle existing challenges in detecting low-rate DoS (LR-DoS) attacks. Unlike previous models, our approach combines temporal sequence learning with feature refinement, thereby improving the detection of LR-DoS. Additionally, we incorporate automated feature selection using Random Forest, which optimizes efficiency while maintaining interpretability. For model training and evaluation, we use the CIC-DOS2017 dataset, which includes eight distinct types of LR-DoS attacks. To enhance generalizability, we also utilize the CSE-CIC-IDS2018 dataset and the newly introduced LR-HR-DDOS2024 dataset, specifically designed for Software-Defined Networking (SDN)-based environments. To address the class imbalance, we implement a stratified k-fold cross-validation strategy, ensuring robust performance across various attack scenarios. To thoroughly evaluate model performance, we adopt a comprehensive set of metrics, including accuracy, precision, recall, F1-score, specificity, False Alarm Rate (FAR), and ROC-AUC. This ensures a well-rounded validation of our approach. The model surpassed all previous state-of-the-art models with an impressive accuracy of 99.70%, precision of 99.47%, specificity of 99.97%, and an F1-score of 97.52%, all while retaining a low FAR of roughly 0.03%. The LSTM-FF approach also worked well in multi-class classification, with a 99.54% accuracy rate, 93.19% precision, 99.59% specificity, 90.28% F1 score, and 0.40% FAR.

Text 124304.pdf - Published Version Available under License Creative Commons Attribution Non-commercial No Derivatives. Download (6MB) Official URL or Download Paper: https://www.sciencedirect.com/science/article/pii/...

Actions (login required)

View Item