Since the start of the 21st century, the Internet has developed rapidly, and increasingly serious DDoS attacks have brought great challenges to cyberspace security. DDoS detection is an important part of DDoS defense work. However, traditional detection methods struggle to adapt to the intricate network environment of the big data era: they are unable to extract deep features from the original traffic data, and they suffer from low detection accuracy, weak generalization ability, and inadequate capacity to detect unknown types of DDoS attacks. Therefore, this paper constructs deep learning-based DDoS detection models to improve DDoS detection capability. The main work of this paper is as follows.

To address the poor deep feature extraction ability, single feature extraction mode, and low detection accuracy of existing DDoS detection models, this paper proposes the AttCNN-BiLSTM model. The model exploits the spatial similarity of DDoS traffic, extracts the one-dimensional and two-dimensional spatial features of traffic data separately through multi-dimensional CNN convolution, and incorporates a channel attention mechanism to enhance the representation of spatial features. Furthermore, to reduce the number of parameters and the training overhead, the model uses global average pooling to integrate the two spatial features. In addition to spatial similarity, there is also temporal correlation between traffic data. The model extracts the bidirectional temporal features between traffic data using BiLSTM, and integrates the spatial and temporal features for DDoS detection. In the experiments, a fusion dataset, Mix-DATA, is used to simulate the real network environment by introducing diverse traffic. The experimental results show that the DDoS detection capability of AttCNN-BiLSTM outperforms the comparison models, and that both the spatial and the temporal feature extraction modules contribute positively to the detection effect.

The raw traffic data contains many features that are irrelevant, redundant, or noisy for DDoS detection, and these features can impair the effectiveness of the model. To address this issue, this paper proposes a feature selection method based on XGBoost. This method uses the process by which XGBoost generates forests to evaluate the importance of features and to generate a feature subset for training the deep learning model. The experimental results demonstrate that this method effectively enhances the model's accuracy in detecting DDoS attacks.

Furthermore, DDoS attacks generate massive amounts of traffic when they occur, so the distance between temporally correlated traffic is significantly stretched. Although the BiLSTM used in the previous work has a certain long-term memory capability, its effectiveness in capturing temporal correlation decreases with increasing distance, and its ability to extract temporal features between traffic data is limited. Therefore, this paper proposes the XGB-Trans model based on Transformer. Compared with the sequence model, Transformer has obvious advantages in dealing with the long-distance dependence problem and can ignore the influence of distance when extracting the temporal features among traffic data, which makes it more suitable for DDoS detection. In addition to Mix-DATA, the experiments also introduce CIC-DDoS2019 to verify the performance of the model on different datasets, and set up three unknown-attack datasets to verify the model's ability to detect unknown types of DDoS attacks. The experimental results show that XGB-Trans outperforms the comparison models in detecting both known and unknown types of DDoS attacks.

Building upon the above research, this paper implements a DDoS detection system based on deep learning to provide researchers with a more convenient research tool. The system contains five modules: user management module, dataset management module, data preprocessing module, model management module, and log management module. The system lets users select different datasets, deep learning models, or parameters for DDoS detection experiments, and provides several practical functions to assist in research.
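The feature-selection step described above (ranking features by how much boosted trees rely on them, then keeping a subset) can be sketched as follows. This is an added example, not the paper's code: it uses a simplified stand-in for XGBoost (depth-1 trees boosted on squared loss, no regularization), and the feature names, flow data, and parameter values are constructed for illustration.

```python
import random

# Hypothetical flow features; the data is constructed, not from Mix-DATA or CIC-DDoS2019.
FEATURES = ["pkt_rate", "syn_ratio", "ttl_jitter", "src_port_low_bits"]

def make_flows(n=400, seed=7):
    """Benign flows plus two attack kinds: volumetric (high pkt_rate), SYN flood (high syn_ratio)."""
    rng, X, y = random.Random(seed), [], []
    for _ in range(n):
        kind = rng.choice(["benign", "benign", "volumetric", "syn_flood"])
        X.append([rng.gauss(900 if kind == "volumetric" else 120, 100),
                  rng.gauss(0.8 if kind == "syn_flood" else 0.2, 0.08),
                  rng.gauss(0, 1), rng.randrange(16)])  # last two columns are pure noise
        y.append(0.0 if kind == "benign" else 1.0)
    return X, y

def best_stump(X, r, j):
    """Best single split on feature j for residuals r: (gain, threshold, left_mean, right_mean)."""
    order = sorted(range(len(r)), key=lambda i: X[i][j])
    total, n, left, best = sum(r), len(r), 0.0, (0.0, None, 0.0, 0.0)
    for k in range(1, n):
        left += r[order[k - 1]]
        a, b = X[order[k - 1]][j], X[order[k]][j]
        if a == b:
            continue  # cannot place a threshold between equal values
        right = total - left
        gain = left ** 2 / k + right ** 2 / (n - k) - total ** 2 / n
        if gain > best[0]:
            best = (gain, (a + b) / 2, left / k, right / (n - k))
    return best

def gain_importance(X, y, rounds=20, lr=0.3):
    """Boost depth-1 trees; credit each round's split gain to the feature that was split on."""
    m, pred, imp = len(X[0]), [sum(y) / len(y)] * len(y), [0.0] * len(X[0])
    for _ in range(rounds):
        r = [yi - pi for yi, pi in zip(y, pred)]  # residuals = negative gradient of squared loss
        stumps = [best_stump(X, r, j) for j in range(m)]
        j = max(range(m), key=lambda f: stumps[f][0])
        gain, thr, lv, rv = stumps[j]
        if thr is None:
            break  # no split improves the fit any further
        imp[j] += gain
        pred = [p + lr * (lv if row[j] <= thr else rv) for p, row in zip(pred, X)]
    total = sum(imp) or 1.0
    return [v / total for v in imp]

def select_features(names, imp, k):
    """Keep the k features with the highest normalized gain."""
    return [n for n, _ in sorted(zip(names, imp), key=lambda t: -t[1])[:k]]
```

Calling `select_features(FEATURES, gain_importance(*make_flows()), k=2)` yields the subset that would be passed on to the deep learning model; the two noise columns receive almost no gain and are dropped.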