Abstract
Log files are a great way to find out what's wrong with a system and how secure it is. They can be very large and have a complicated structure, which is why they are so useful. We use Machine Learning (ML) to find network anomalies and build different models that are driven by data to find DDoS attacks. The main goal of this article is to reduce the number of times that DDoS detection is wrongly labeled. In this paper, we describe a method for security analysis that uses Deep Learning techniques like simple LSTM, LSTM with embedding, and Seq-to-Seq LSTM on several systems log files to find and extract data that may be related to distributed denial of service (DDoS) attacks made by malicious users who want to break into a system. Through a process of learning, these data will help to find attacks, predict attacks, or find intrusions. In this study, we looked at how different optimizers, the size of the hidden state, and the number of layers affected the same architecture to find the best way to set it up. When compared to other models, the proposed model was able to correctly identify DoS/DDoS packets that had never been seen before with a 98.95% level of accuracy.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AImajali, M.H., Ghazwi, M., Alqudah, F.T., ALmahasnah, M.J., Alajarmeh, H.H., Masarweh, A.A.: The legal aspects and the enhanced role of cybersecurity in protecting the electronic voting process in the context of Jordan Parliament election law no. (4) of 2022. Inf. Sci. Lett. 12(8), 2839–2848 (2023)
Yihunie, F., Abdelfattah, E., Odeh, A.: Analysis of ping of death DoS and DDoS attacks. In: 2018 IEEE Long Island Systems, Applications and Technology Conference, LISAT 2018 (2018). https://doi.org/10.1109/LISAT.2018.8378010
Eliyan, L.F., Di Pietro, R.: DoS and DDoS attacks in software defined networks: a survey of existing solutions and research challenges. Future Gener. Comput. Syst. 122, 149–171 (2021). https://doi.org/10.1016/j.future.2021.03.011
Zebari, R.R., Zeebaree, S.R.M., Jacksi, K.: Impact ANALYSIS of HTTP and SYN flood DDoS attacks on apache 2 and IIS 10.0 web servers. In: ICOASE 2018 - International Conference on Advanced Science and Engineering (2018). https://doi.org/10.1109/ICOASE.2018.8548783
Haider, S., et al.: A deep CNN ensemble framework for efficient DDoS attack detection in software defined networks. IEEE Access 8, 53972–53983 (2020). https://doi.org/10.1109/ACCESS.2020.2976908
Elbarougy, R., Aboghrara, E., Behery, G.M., Younes, Y.M., El-Badry, N.M.: COVID-19 detection on chest x-ray images by combining histogram-oriented gradient and convolutional neural network features. Inf. Sci. Lett. 12(5), 2247–2260 (2023)
Cheng, J., Liu, Y., Tang, X., Sheng, V.S., Li, M., Li, J.: DDoS attack detection via multi-scale convolutional neural network. Comput. Mater. Continua 62(3), 1317–1333 (2020). https://doi.org/10.32604/cmc.2020.06177
Wani, A.R., Rana, Q.P., Saxena, U., Pandey, N.: Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques. In: Proceedings - 2019 Amity International Conference on Artificial Intelligence, AICAI 2019 (2019). https://doi.org/10.1109/AICAI.2019.8701238
Saied, A., Overill, R.E., Radzik, T.: Detection of known and unknown DDoS attacks using Artificial Neural Networks. Neurocomputing 172, 385–393 (2016). https://doi.org/10.1016/j.neucom.2015.04.101
Peraković, D., Periša, M., Cvitić, I., Husnjak, S.: Model for detection and classification of DDoS traffic based on artificial neural network. Telfor J. 9(1), 26–31 (2017). https://doi.org/10.5937/telfor1701026P
Dar, S.A., Palanivel, S., Geetha, M.K., Balasubramanian, M.: Mouth image based person authentication using DWLSTM and GRU. Inf. Sci. Lett. 11(3), 853–862 (2022)
Hussein, S., et al.: Diagnosis of COVID-19 from X-rays using recurrent neural network. Inf. Sci. Lett. 11(6), 2279–2284 (2022)
Yuan, X., Li, C., Li, X.: DeepDefense: identifying DDoS attack via deep learning. In: 2017 IEEE International Conference on Smart Computing, SMARTCOMP 2017 (2017). https://doi.org/10.1109/SMARTCOMP.2017.7946998
Eltahir, M.E., Ahmed, O.S.: Cybersecurity awareness in African higher education institutions: a case study of Sudan. Inf. Sci. Lett. 12(1), 171–183 (2023)
Alghenaim, M.F., Abu-Bakar, N.A., Abdul-Rahim, F.B.: Reviewing cybersecurity awareness training tools used to address phishing attack at the workplace. Inf. Sci. Lett. 11(2), 391–398 (2022)
Wang, H., Xu, L., Gu, G.: FloodGuard: a DoS attack prevention extension in software-defined networks. In: Proceedings of the International Conference on Dependable Systems and Networks, vol. 2015-September (2015). https://doi.org/10.1109/DSN.2015.27
Singh, S., Khan, R.A., Agrawal, A.: Prevention mechanism for infrastructure based Denial-of-Service attack over software Defined Network. In: International Conference on Computing, Communication and Automation, ICCCA 2015 (2015). https://doi.org/10.1109/CCAA.2015.7148442
Al-Sherideh, A.S., et al.: Development of a secure model for mobile government applications in Jordan. J. Stat. Appl. Pro. 13(1), 145–155 (2024)
Abuasal, S., Alsarayra, K., Alyabroodie, Z.: Designing a standard-based approach for security of healthcare systems. J. Stat. Appl. Pro. 13(1), 419–434 (2024)
Bedi, H., Roy, S., Shiva, S.: Mitigating congestion-based denial of service attacks with active queue management. In: GLOBECOM - IEEE Global Telecommunications Conference (2013). https://doi.org/10.1109/GLOCOM.2013.6831276
Giotis, K., Androulidakis, G., Maglaris, V.: A scalable anomaly detection and mitigation architecture for legacy networks via an OpenFlow middlebox. Secur. Commun. Netw. 9(13), 1958–1970 (2016). https://doi.org/10.1002/sec.1368
Yevsieieva, O., Helalat, S.M.: Analysis of the impact of the slow HTTP DOS and DDOS attacks on the cloud environment. In: 2017 4th International Scientific-Practical Conference Problems of Infocommunications Science and Technology, PIC S and T 2017 - Proceedings, vol. 2018-January (2017). https://doi.org/10.1109/INFOCOMMST.2017.8246453
Mahadev, Kumar, V., Kumar, K.: Classification of DDoS attack tools and its handling techniques and strategy at application layer. In: Proceedings - 2016 International Conference on Advances in Computing, Communication and Automation (Fall), ICACCA 2016 (2016). https://doi.org/10.1109/ICACCAF.2016.7749002
Ivanova, V., Tashev, T., Draganov, I.: Detection of IoT based DDoS attacks by network traffic analysis using feedforward neural networks. Int. J. Circuits Syst. Signal Process. 16, 653–662 (2022). https://doi.org/10.46300/9106.2022.16.81
Lamkuche, H.S., Pramod, D., Onker, V., Katiya, S.A., Lamkuche, G.S., Hiremath, G.R.: SAL – a lightweight symmetric cipher for Internet-of-Things. Int. J. Innov. Technol. Explor. Eng. 8(11), 521–528 (2019). https://doi.org/10.35940/ijitee.K1088.09811S19
Bhardwaj, A., Mangat, V., Vig, R.: Hyperband tuned deep neural network with well posed stacked sparse autoencoder for detection of ddos attacks in cloud. IEEE Access 8, 181916–181929 (2020). https://doi.org/10.1109/ACCESS.2020.3028690
Lamkuche, H.S., Pramod, D.: CSL: FPGA implementation of lightweight block cipher for power-constrained devices. Int. J. Inf. Comput. Secur. 12(2–3), 349–377 (2020). https://doi.org/10.1504/IJICS.2020.105185
Sarma, S.N.S., Lamkuche, H.H., Umamaheswari, S.: A review of secret sharing schemes. Res. J. Inf. Technol. 5(2) (2013). https://doi.org/10.3923/rjit.2013.67.72
Church, K.W.: Word2Vec. Nat. Lang. Eng. 23(1) (2017). https://doi.org/10.1017/s1351324916000334
Sutskever, I., Vinyals, O., Le, Q.V.: Sequence to sequence learning with neural networks. Adv. Neural Inf. Process. Syst. 4(January) (2014)
Ramesh, A., Pradhan, V., Lamkuche, H.: Understanding and analysing resource utilization, costing strategies and pricing models in cloud computing. In: Journal of Physics: Conference Series, vol. 1964, no. 4 (2021). https://doi.org/10.1088/1742-6596/1964/4/042049
Kumar, S., Kumar, D., Lamkuche, H.S.: TPA auditing to enhance the privacy and security in cloud systems. J. Cyber Secur. Mobility 10(3), 537–568 (2021). https://doi.org/10.13052/jcsm2245-1439.1033
Lamkuche, H.S., Kondaveety, V.B., Sapparam, V.L., Singh, S., Rajpurkar, R.D.: Enhancing the security and performance of cloud for e-governance infrastructure: Secure E-MODI. Int. J. Cloud Appl. Comput. 12(1) (2022). https://doi.org/10.4018/IJCAC.2022010108
Lamkuche, H.S., Singh, K., Shirkhedkar, K.: A lightweight block cipher for cloud-based healthcare systems. In Computing, Communication and Learning: First International Conference, CoCoLe 2022, Warangal, India, 27–29 October 2022, Proceedings, pp. 3–14. Springer, Cham (2023). https://doi.org/10.1007/978-3-031-21750-0_1
Agarwal, D., Gurele, S., Lamkuche, H.S.: SAILFISH-I: a lightweight block cipher for cloud-enabled fog devices. In 2022 IEEE 6th Conference on Information and Communication Technology (CICT), pp. 1–6. IEEE (2022)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Parmar, A., Lamkuche, H. (2024). Distributed Denial of Service Attack Detection Using Sequence-To-Sequence LSTM. In: M. A. Musleh Al-Sartawi, A., Helmy Abd Wahab, M., Hussainey, K. (eds) Global Economic Revolutions: Big Data Governance and Business Analytics for Sustainability. ICGER 2023. Communications in Computer and Information Science, vol 1999. Springer, Cham. https://doi.org/10.1007/978-3-031-50518-8_4
Download citation
DOI: https://doi.org/10.1007/978-3-031-50518-8_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-50517-1
Online ISBN: 978-3-031-50518-8
eBook Packages: Computer ScienceComputer Science (R0)