分布式拒绝服务(Distributed Denial of Service,DDoS)攻击已经成为网络安全的主要威胁之一,其中应用层DDoS攻击是主要的攻击手段。应用层DDoS攻击是针对具体应用服务的攻击,其在网络层行为表现正常,传统安全设备无法有效抵御。同时,现...分布式拒绝服务(Distributed Denial of Service,DDoS)攻击已经成为网络安全的主要威胁之一,其中应用层DDoS攻击是主要的攻击手段。应用层DDoS攻击是针对具体应用服务的攻击,其在网络层行为表现正常,传统安全设备无法有效抵御。同时,现有的针对应用层DDoS攻击的检测方法检测能力不足,难以适应攻击模式的变化。为此,文章提出一种基于时空图神经网络(Spatio-Temporal Graph Neural Network,STGNN)的应用层DDoS攻击检测方法,利用应用层服务的特征,从应用层数据和应用层协议交互信息出发,引入注意力机制并结合多个GraphSAGE层,学习不同时间窗口下的实体交互模式,进而计算检测流量与正常流量的偏差,完成攻击检测。该方法仅利用时间、源IP、目的IP、通信频率、平均数据包大小5维数据便可有效识别应用层DDoS攻击。由实验结果可知,该方法在攻击样本数量较少的情况下,与对比方法相比可获得较高的Recall和F1分数。展开更多
Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications i...Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications in education,healthcare,entertainment,science,and more are being increasingly deployed based on the internet.Concurrently,malicious threats on the internet are on the rise as well.Distributed Denial of Service(DDoS)attacks are among the most common and dangerous threats on the internet today.The scale and complexity of DDoS attacks are constantly growing.Intrusion Detection Systems(IDS)have been deployed and have demonstrated their effectiveness in defense against those threats.In addition,the research of Machine Learning(ML)and Deep Learning(DL)in IDS has gained effective results and significant attention.However,one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks.These attacks,which are not encountered during the system’s training,can lead to misclassification with significant errors.In this research,we focused on addressing the issue of Unknown Attack Detection,combining two methods:Spatial Location Constraint Prototype Loss(SLCPL)and Fuzzy C-Means(FCM).With the proposed method,we achieved promising results compared to traditional methods.The proposed method demonstrates a very high accuracy of up to 99.8%with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset(CICIDS2017)dataset.Particularly,the accuracy is also very high,reaching 99.7%,and the precision goes up to 99.9%for unknown DDoS attacks on the DDoS Evaluation Dataset(CICDDoS2019)dataset.The success of the proposed method is due to the combination of SLCPL,an advanced Open-Set Recognition(OSR)technique,and FCM,a traditional yet highly applicable clustering technique.This has yielded a novel method in the field of unknown attack detection.This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity.Finally,implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.展开更多
Cyberspace is extremely dynamic,with new attacks arising daily.Protecting cybersecurity controls is vital for network security.Deep Learning(DL)models find widespread use across various fields,with cybersecurity being...Cyberspace is extremely dynamic,with new attacks arising daily.Protecting cybersecurity controls is vital for network security.Deep Learning(DL)models find widespread use across various fields,with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts.The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns.This study presents novel lightweight DL models,known as Cybernet models,for the detection and recognition of various cyber Distributed Denial of Service(DDoS)attacks.These models were constructed to have a reasonable number of learnable parameters,i.e.,less than 225,000,hence the name“lightweight.”This not only helps reduce the number of computations required but also results in faster training and inference times.Additionally,these models were designed to extract features in parallel from 1D Convolutional Neural Networks(CNN)and Long Short-Term Memory(LSTM),which makes them unique compared to earlier existing architectures and results in better performance measures.To validate their robustness and effectiveness,they were tested on the CIC-DDoS2019 dataset,which is an imbalanced and large dataset that contains different types of DDoS attacks.Experimental results revealed that bothmodels yielded promising results,with 99.99% for the detectionmodel and 99.76% for the recognition model in terms of accuracy,precision,recall,and F1 score.Furthermore,they outperformed the existing state-of-the-art models proposed for the same task.Thus,the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.展开更多
As the scale of the networks continually expands,the detection of distributed denial of service(DDoS)attacks has become increasingly vital.We propose an intelligent detection model named IGED by using improved general...As the scale of the networks continually expands,the detection of distributed denial of service(DDoS)attacks has become increasingly vital.We propose an intelligent detection model named IGED by using improved generalized entropy and deep neural network(DNN).The initial detection is based on improved generalized entropy to filter out as much normal traffic as possible,thereby reducing data volume.Then the fine detection is based on DNN to perform precise DDoS detection on the filtered suspicious traffic,enhancing the neural network’s generalization capabilities.Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic.Compared with the benchmark methods,our method reaches 99.9%on low-rate DDoS(LDDoS),flooded DDoS and CICDDoS2019 datasets in terms of both accuracy and efficiency in identifying attack flows while reducing the time by 17%,31%and 8%.展开更多
In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by Io...In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.展开更多
The primary concern of modern technology is cyber attacks targeting the Internet of Things.As it is one of the most widely used networks today and vulnerable to attacks.Real-time threats pose with modern cyber attacks...The primary concern of modern technology is cyber attacks targeting the Internet of Things.As it is one of the most widely used networks today and vulnerable to attacks.Real-time threats pose with modern cyber attacks that pose a great danger to the Internet of Things(IoT)networks,as devices can be monitored or service isolated from them and affect users in one way or another.Securing Internet of Things networks is an important matter,as it requires the use of modern technologies and methods,and real and up-to-date data to design and train systems to keep pace with the modernity that attackers use to confront these attacks.One of the most common types of attacks against IoT devices is Distributed Denial-of-Service(DDoS)attacks.Our paper makes a unique contribution that differs from existing studies,in that we use recent data that contains real traffic and real attacks on IoT networks.And a hybrid method for selecting relevant features,And also how to choose highly efficient algorithms.What gives the model a high ability to detect distributed denial-of-service attacks.the model proposed is based on a two-stage process:selecting essential features and constructing a detection model using the K-neighbors algorithm with two classifier algorithms logistic regression and Stochastic Gradient Descent classifier(SGD),combining these classifiers through ensemble machine learning(stacking),and optimizing parameters through Grid Search-CV to enhance system accuracy.Experiments were conducted to evaluate the effectiveness of the proposed model using the CIC-IoT2023 and CIC-DDoS2019 datasets.Performance evaluation demonstrated the potential of our model in robust intrusion detection in IoT networks,achieving an accuracy of 99.965%and a detection time of 0.20 s for the CIC-IoT2023 dataset,and 99.968%accuracy with a detection time of 0.23 s for the CIC-DDoS 2019 dataset.Furthermore,a comparative analysis with recent related works highlighted the superiority of our methodology in intrusion detection,showing improvements in accuracy,recall,and detection time.展开更多
The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential...The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential attacks,Denial of Service(DoS)attacks and Distributed Denial of Service(DDoS)attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic.As IoT devices often lack the inherent security measures found in more mature computing platforms,the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves.In this study,we investigate the effectiveness of three machine learning(ML)algorithms:extreme gradient boosting(XGB),multilayer perceptron(MLP)and random forest(RF),for the detection of IoTtargeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing stateof-the-art,and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks.The CICIoT2023 dataset was derived from the latest real-world IoT traffic,incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering,the data was fed into our models for both training and validation,where findings suggest that while all threemodels exhibit commendable accuracy in detectingDoS/DDoS attacks,the use of particle swarmoptimization(PSO)for feature selection has made great improvements in the performance(accuracy,precsion recall and F1-score of 99.93%for XGB)of the ML models and their execution time(491.023 sceonds for XGB)compared to recursive feature elimination(RFE)and randomforest feature importance(RFI)methods.The proposed real-time system for DoS/DDoS attack detection entails the implementation of an platform capable of effectively processing and analyzing network traffic in real-time.This involvesemploying the best-performing ML algorithmfor detection and the integration of warning mechanisms.We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments.展开更多
基金This research was partly supported by the National Science and Technology Council,Taiwan with Grant Numbers 112-2221-E-992-045,112-2221-E-992-057-MY3 and 112-2622-8-992-009-TD1.
文摘Since its inception,the Internet has been rapidly evolving.With the advancement of science and technology and the explosive growth of the population,the demand for the Internet has been on the rise.Many applications in education,healthcare,entertainment,science,and more are being increasingly deployed based on the internet.Concurrently,malicious threats on the internet are on the rise as well.Distributed Denial of Service(DDoS)attacks are among the most common and dangerous threats on the internet today.The scale and complexity of DDoS attacks are constantly growing.Intrusion Detection Systems(IDS)have been deployed and have demonstrated their effectiveness in defense against those threats.In addition,the research of Machine Learning(ML)and Deep Learning(DL)in IDS has gained effective results and significant attention.However,one of the challenges when applying ML and DL techniques in intrusion detection is the identification of unknown attacks.These attacks,which are not encountered during the system’s training,can lead to misclassification with significant errors.In this research,we focused on addressing the issue of Unknown Attack Detection,combining two methods:Spatial Location Constraint Prototype Loss(SLCPL)and Fuzzy C-Means(FCM).With the proposed method,we achieved promising results compared to traditional methods.The proposed method demonstrates a very high accuracy of up to 99.8%with a low false positive rate for known attacks on the Intrusion Detection Evaluation Dataset(CICIDS2017)dataset.Particularly,the accuracy is also very high,reaching 99.7%,and the precision goes up to 99.9%for unknown DDoS attacks on the DDoS Evaluation Dataset(CICDDoS2019)dataset.The success of the proposed method is due to the combination of SLCPL,an advanced Open-Set Recognition(OSR)technique,and FCM,a traditional yet highly applicable clustering technique.This has yielded a novel method in the field of unknown attack detection.This further expands the trend of applying DL and ML techniques in the development of intrusion detection systems and cybersecurity.Finally,implementing the proposed method in real-world systems can enhance the security capabilities against increasingly complex threats on computer networks.
文摘Cyberspace is extremely dynamic,with new attacks arising daily.Protecting cybersecurity controls is vital for network security.Deep Learning(DL)models find widespread use across various fields,with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts.The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns.This study presents novel lightweight DL models,known as Cybernet models,for the detection and recognition of various cyber Distributed Denial of Service(DDoS)attacks.These models were constructed to have a reasonable number of learnable parameters,i.e.,less than 225,000,hence the name“lightweight.”This not only helps reduce the number of computations required but also results in faster training and inference times.Additionally,these models were designed to extract features in parallel from 1D Convolutional Neural Networks(CNN)and Long Short-Term Memory(LSTM),which makes them unique compared to earlier existing architectures and results in better performance measures.To validate their robustness and effectiveness,they were tested on the CIC-DDoS2019 dataset,which is an imbalanced and large dataset that contains different types of DDoS attacks.Experimental results revealed that bothmodels yielded promising results,with 99.99% for the detectionmodel and 99.76% for the recognition model in terms of accuracy,precision,recall,and F1 score.Furthermore,they outperformed the existing state-of-the-art models proposed for the same task.Thus,the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.
基金This work is supported by the National Natural Science Foundation of China(Grant Nos.U22B2005,62072109)the Natural Science Foundation of Fujian Province(Grant No.2021J01625)the Major Science and Technology Project of Fuzhou(Grant No.2023-ZD-003).
文摘As the scale of the networks continually expands,the detection of distributed denial of service(DDoS)attacks has become increasingly vital.We propose an intelligent detection model named IGED by using improved generalized entropy and deep neural network(DNN).The initial detection is based on improved generalized entropy to filter out as much normal traffic as possible,thereby reducing data volume.Then the fine detection is based on DNN to perform precise DDoS detection on the filtered suspicious traffic,enhancing the neural network’s generalization capabilities.Experimental results show that the proposed method can efficiently distinguish normal traffic from DDoS traffic.Compared with the benchmark methods,our method reaches 99.9%on low-rate DDoS(LDDoS),flooded DDoS and CICDDoS2019 datasets in terms of both accuracy and efficiency in identifying attack flows while reducing the time by 17%,31%and 8%.
文摘In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.
文摘The primary concern of modern technology is cyber attacks targeting the Internet of Things.As it is one of the most widely used networks today and vulnerable to attacks.Real-time threats pose with modern cyber attacks that pose a great danger to the Internet of Things(IoT)networks,as devices can be monitored or service isolated from them and affect users in one way or another.Securing Internet of Things networks is an important matter,as it requires the use of modern technologies and methods,and real and up-to-date data to design and train systems to keep pace with the modernity that attackers use to confront these attacks.One of the most common types of attacks against IoT devices is Distributed Denial-of-Service(DDoS)attacks.Our paper makes a unique contribution that differs from existing studies,in that we use recent data that contains real traffic and real attacks on IoT networks.And a hybrid method for selecting relevant features,And also how to choose highly efficient algorithms.What gives the model a high ability to detect distributed denial-of-service attacks.the model proposed is based on a two-stage process:selecting essential features and constructing a detection model using the K-neighbors algorithm with two classifier algorithms logistic regression and Stochastic Gradient Descent classifier(SGD),combining these classifiers through ensemble machine learning(stacking),and optimizing parameters through Grid Search-CV to enhance system accuracy.Experiments were conducted to evaluate the effectiveness of the proposed model using the CIC-IoT2023 and CIC-DDoS2019 datasets.Performance evaluation demonstrated the potential of our model in robust intrusion detection in IoT networks,achieving an accuracy of 99.965%and a detection time of 0.20 s for the CIC-IoT2023 dataset,and 99.968%accuracy with a detection time of 0.23 s for the CIC-DDoS 2019 dataset.Furthermore,a comparative analysis with recent related works highlighted the superiority of our methodology in intrusion detection,showing improvements in accuracy,recall,and detection time.
文摘The increasing prevalence of Internet of Things(IoT)devices has introduced a new phase of connectivity in recent years and,concurrently,has opened the floodgates for growing cyber threats.Among the myriad of potential attacks,Denial of Service(DoS)attacks and Distributed Denial of Service(DDoS)attacks remain a dominant concern due to their capability to render services inoperable by overwhelming systems with an influx of traffic.As IoT devices often lack the inherent security measures found in more mature computing platforms,the need for robust DoS/DDoS detection systems tailored to IoT is paramount for the sustainable development of every domain that IoT serves.In this study,we investigate the effectiveness of three machine learning(ML)algorithms:extreme gradient boosting(XGB),multilayer perceptron(MLP)and random forest(RF),for the detection of IoTtargeted DoS/DDoS attacks and three feature engineering methods that have not been used in the existing stateof-the-art,and then employed the best performing algorithm to design a prototype of a novel real-time system towards detection of such DoS/DDoS attacks.The CICIoT2023 dataset was derived from the latest real-world IoT traffic,incorporates both benign and malicious network traffic patterns and after data preprocessing and feature engineering,the data was fed into our models for both training and validation,where findings suggest that while all threemodels exhibit commendable accuracy in detectingDoS/DDoS attacks,the use of particle swarmoptimization(PSO)for feature selection has made great improvements in the performance(accuracy,precsion recall and F1-score of 99.93%for XGB)of the ML models and their execution time(491.023 sceonds for XGB)compared to recursive feature elimination(RFE)and randomforest feature importance(RFI)methods.The proposed real-time system for DoS/DDoS attack detection entails the implementation of an platform capable of effectively processing and analyzing network traffic in real-time.This involvesemploying the best-performing ML algorithmfor detection and the integration of warning mechanisms.We believe this approach will significantly enhance the field of security research and continue to refine it based on future insights and developments.