A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features

Kağan Özgüna; Ayşe Tosun; Mehmet Tahir Sandıkkaya

doi:10.5220/0012350100003648

A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features

Kağan Özgüna, Ayşe Tosun, Mehmet Tahir Sandıkkaya

Department of Computer Engineering

Istanbul Technical University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long ShortTerm Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.

Original language	English
Title of host publication	Proceedings of the 10th International Conference on Information Systems Security and Privacy
Editors	Gabriele Lenzini, Paolo Mori, Steven Furnell
Publisher	Science and Technology Publications, Lda
Pages	390-397
Number of pages	8
ISBN (Print)	9789897586835
DOIs	https://doi.org/10.5220/0012350100003648
Publication status	Published - 2024
Event	10th International Conference on Information Systems Security and Privacy, ICISSP 2024 - Rome, Italy Duration: 26 Feb 2024 → 28 Feb 2024

Publication series

Name	International Conference on Information Systems Security and Privacy
Volume	1
ISSN (Electronic)	2184-4356

Conference

Conference	10th International Conference on Information Systems Security and Privacy, ICISSP 2024
Country/Territory	Italy
City	Rome
Period	26/02/24 → 28/02/24

Bibliographical note

Publisher Copyright:
© 2024 by SCITEPRESS – Science and Technology Publications, Lda.

Keywords

Attack Detection
Distributed Denial of Service Attacks
Gaussian Naive Bayes
LSTM
Network Traffic

Access to Document

10.5220/0012350100003648

Cite this

Özgüna, K., Tosun, A., & Sandıkkaya, M. T. (2024). A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. In G. Lenzini, P. Mori, & S. Furnell (Eds.), Proceedings of the 10th International Conference on Information Systems Security and Privacy (pp. 390-397). (International Conference on Information Systems Security and Privacy; Vol. 1). Science and Technology Publications, Lda. https://doi.org/10.5220/0012350100003648

Özgüna, Kağan ; Tosun, Ayşe ; Sandıkkaya, Mehmet Tahir. / A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. Proceedings of the 10th International Conference on Information Systems Security and Privacy. editor / Gabriele Lenzini ; Paolo Mori ; Steven Furnell. Science and Technology Publications, Lda, 2024. pp. 390-397 (International Conference on Information Systems Security and Privacy).

@inproceedings{11241af1c03d4be99fb73d3ddbc82595,

title = "A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features",

abstract = "Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long ShortTerm Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.",

keywords = "Attack Detection, Distributed Denial of Service Attacks, Gaussian Naive Bayes, LSTM, Network Traffic",

author = "Kağan {\"O}zg{\"u}na and Ay{\c s}e Tosun and Sandıkkaya, {Mehmet Tahir}",

note = "Publisher Copyright: {\textcopyright} 2024 by SCITEPRESS – Science and Technology Publications, Lda.; 10th International Conference on Information Systems Security and Privacy, ICISSP 2024 ; Conference date: 26-02-2024 Through 28-02-2024",

year = "2024",

doi = "10.5220/0012350100003648",

language = "English",

isbn = "9789897586835",

series = "International Conference on Information Systems Security and Privacy",

publisher = "Science and Technology Publications, Lda",

pages = "390--397",

editor = "Gabriele Lenzini and Paolo Mori and Steven Furnell",

booktitle = "Proceedings of the 10th International Conference on Information Systems Security and Privacy",

}

Özgüna, K, Tosun, A & Sandıkkaya, MT 2024, A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. in G Lenzini, P Mori & S Furnell (eds), Proceedings of the 10th International Conference on Information Systems Security and Privacy. International Conference on Information Systems Security and Privacy, vol. 1, Science and Technology Publications, Lda, pp. 390-397, 10th International Conference on Information Systems Security and Privacy, ICISSP 2024, Rome, Italy, 26/02/24. https://doi.org/10.5220/0012350100003648

A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. / Özgüna, Kağan; Tosun, Ayşe; Sandıkkaya, Mehmet Tahir.
Proceedings of the 10th International Conference on Information Systems Security and Privacy. ed. / Gabriele Lenzini; Paolo Mori; Steven Furnell. Science and Technology Publications, Lda, 2024. p. 390-397 (International Conference on Information Systems Security and Privacy; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features

AU - Özgüna, Kağan

AU - Tosun, Ayşe

AU - Sandıkkaya, Mehmet Tahir

PY - 2024

Y1 - 2024

N2 - Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long ShortTerm Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.

AB - Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long ShortTerm Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.

KW - Attack Detection

KW - Distributed Denial of Service Attacks

KW - Gaussian Naive Bayes

KW - LSTM

KW - Network Traffic

UR - http://www.scopus.com/inward/record.url?scp=85190878284&partnerID=8YFLogxK

U2 - 10.5220/0012350100003648

DO - 10.5220/0012350100003648

M3 - Conference contribution

AN - SCOPUS:85190878284

SN - 9789897586835

T3 - International Conference on Information Systems Security and Privacy

SP - 390

EP - 397

BT - Proceedings of the 10th International Conference on Information Systems Security and Privacy

A2 - Lenzini, Gabriele

A2 - Mori, Paolo

A2 - Furnell, Steven

PB - Science and Technology Publications, Lda

T2 - 10th International Conference on Information Systems Security and Privacy, ICISSP 2024

Y2 - 26 February 2024 through 28 February 2024

ER -

Özgüna K, Tosun A, Sandıkkaya MT. A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. In Lenzini G, Mori P, Furnell S, editors, Proceedings of the 10th International Conference on Information Systems Security and Privacy. Science and Technology Publications, Lda. 2024. p. 390-397. (International Conference on Information Systems Security and Privacy). doi: 10.5220/0012350100003648

A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this