A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features
Kağan Özgün, Ayşe Tosun, Mehmet Tahir Sandıkkaya
2024
Abstract
Detecting Distributed Denial of Service (DDoS) attacks are crucial for ensuring the security of applications and computer networks. The ability to mitigate potential attacks before they happen could significantly reduce security costs. This study aims to address two research questions concerning the early detection of DDoS attacks. First, we explore the feasibility of detecting DDoS attacks in advance using machine learning approaches. Second, we focus on whether DDoS attacks could be successfully detected using a Long Short-Term Memory (LSTM) based approach. We have developed rule-based, Gaussian Naive Bayes (GNB), and LSTM models that were trained and assessed on two datasets, namely UNSW-NB15 and CIC-DDoS2019. The results of the experiments show that 82–99% of DDoS attacks can be successfully detected 300 seconds prior to their arrival using both GNB and LSTM models. The LSTM model, on the other hand, is significantly better at distinguishing attacks from benign packets. Additionally, incident response teams could utilize a two-level alert mechanism that ranks the attack detection results, and take actions such as blocking the traffic before the attack occurs if our proposed system generates a high risk alert.
DownloadPaper Citation
in Harvard Style
Özgün K., Tosun A. and Tahir Sandıkkaya M. (2024). A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 390-397. DOI: 10.5220/0012350100003648
in Bibtex Style
@conference{icissp24,
author={Kağan Özgün and Ayşe Tosun and Mehmet Tahir Sandıkkaya},
title={A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={390-397},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012350100003648},
isbn={978-989-758-683-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Recommender System to Detect Distributed Denial of Service Attacks with Network and Transport Layer Features
SN - 978-989-758-683-5
AU - Özgün K.
AU - Tosun A.
AU - Tahir Sandıkkaya M.
PY - 2024
SP - 390
EP - 397
DO - 10.5220/0012350100003648
PB - SciTePress