Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent
The network system has become an indispensable component of modern infrastructure. DDoS attacks and their variants remain a potential and persistent cybersecurity threat. DDoS attacks block services to legitimate users by incorporating large amounts of malicious traffic in a short period or depletin...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
MDPI AG
2022-12-01
|
| Series: | Mathematics |
| Subjects: | |
| Online Access: | https://www.mdpi.com/2227-7390/11/1/108 |
| _version_ | 1827617377677737984 |
|---|---|
| author | Chin-Shiuh Shieh Thanh-Tuan Nguyen Chun-Yueh Chen Mong-Fong Horng |
| author_facet | Chin-Shiuh Shieh Thanh-Tuan Nguyen Chun-Yueh Chen Mong-Fong Horng |
| author_sort | Chin-Shiuh Shieh |
| collection | DOAJ |
| description | The network system has become an indispensable component of modern infrastructure. DDoS attacks and their variants remain a potential and persistent cybersecurity threat. DDoS attacks block services to legitimate users by incorporating large amounts of malicious traffic in a short period or depleting system resources through methods specific to each client, causing the victim to lose reputation, finances, and potential customers. With the advancement and maturation of artificial intelligence technology, machine learning and deep learning are widely used to detect DDoS attacks with significant success. However, traditional supervised machine learning must depend on the categorized training sets, so the recognition rate plummets when the model encounters patterns outside the dataset. In addition, DDoS attack techniques continue to evolve, rendering training based on conventional data models unable to meet contemporary requirements. Since closed-set classifiers have excellent performance in cybersecurity and are quite mature, this study will investigate the identification of open-set recognition issues where the attack pattern does not accommodate the distribution learned by the model. This research proposes a framework that uses reconstruction error and distributes hidden layer characteristics to detect unknown DDoS attacks. This study will employ deep hierarchical reconstruction nets (DHRNet) architecture and reimplement it with a 1D integrated neural network employing loss function combined with spatial location constraint prototype loss (SLCPL) as a solution for open-set risks. At the output, a one-class SVM (one-class support vector machine) based on a random gradient descent approximation is used to recognize the unknown patterns in the subsequent stage. The model achieves an impressive detection rate of more than 99% in testing. Furthermore, the incremental learning module utilizing unknown traffic labeled by telecom technicians during tracking has enhanced the model’s performance by 99.8% against unknown threats based on the CICIDS2017 Friday open dataset. |
| first_indexed | 2024-03-09T09:45:04Z |
| format | Article |
| id | doaj.art-b9b37f5e00a14ee69b0c1a5b85273294 |
| institution | Directory Open Access Journal |
| issn | 2227-7390 |
| language | English |
| last_indexed | 2024-03-09T09:45:04Z |
| publishDate | 2022-12-01 |
| publisher | MDPI AG |
| record_format | Article |
| series | Mathematics |
| spelling | doaj.art-b9b37f5e00a14ee69b0c1a5b852732942023-12-02T00:38:42ZengMDPI AGMathematics2227-73902022-12-0111110810.3390/math11010108Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient DescentChin-Shiuh Shieh0Thanh-Tuan Nguyen1Chun-Yueh Chen2Mong-Fong Horng3Department of Electronic Engineering, National Kaohsiung University of Science and Technology, Kaohsiung 807618, TaiwanDepartment of Electronic Engineering, National Kaohsiung University of Science and Technology, Kaohsiung 807618, TaiwanDepartment of Electronic Engineering, National Kaohsiung University of Science and Technology, Kaohsiung 807618, TaiwanDepartment of Electronic Engineering, National Kaohsiung University of Science and Technology, Kaohsiung 807618, TaiwanThe network system has become an indispensable component of modern infrastructure. DDoS attacks and their variants remain a potential and persistent cybersecurity threat. DDoS attacks block services to legitimate users by incorporating large amounts of malicious traffic in a short period or depleting system resources through methods specific to each client, causing the victim to lose reputation, finances, and potential customers. With the advancement and maturation of artificial intelligence technology, machine learning and deep learning are widely used to detect DDoS attacks with significant success. However, traditional supervised machine learning must depend on the categorized training sets, so the recognition rate plummets when the model encounters patterns outside the dataset. In addition, DDoS attack techniques continue to evolve, rendering training based on conventional data models unable to meet contemporary requirements. Since closed-set classifiers have excellent performance in cybersecurity and are quite mature, this study will investigate the identification of open-set recognition issues where the attack pattern does not accommodate the distribution learned by the model. This research proposes a framework that uses reconstruction error and distributes hidden layer characteristics to detect unknown DDoS attacks. This study will employ deep hierarchical reconstruction nets (DHRNet) architecture and reimplement it with a 1D integrated neural network employing loss function combined with spatial location constraint prototype loss (SLCPL) as a solution for open-set risks. At the output, a one-class SVM (one-class support vector machine) based on a random gradient descent approximation is used to recognize the unknown patterns in the subsequent stage. The model achieves an impressive detection rate of more than 99% in testing. Furthermore, the incremental learning module utilizing unknown traffic labeled by telecom technicians during tracking has enhanced the model’s performance by 99.8% against unknown threats based on the CICIDS2017 Friday open dataset.https://www.mdpi.com/2227-7390/11/1/108distributed denial of service (DDoS)deep learningopen-set recognition (OSR)one-class support vector machinereconstruct errorincremental learning |
| spellingShingle | Chin-Shiuh Shieh Thanh-Tuan Nguyen Chun-Yueh Chen Mong-Fong Horng Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent Mathematics distributed denial of service (DDoS) deep learning open-set recognition (OSR) one-class support vector machine reconstruct error incremental learning |
| title | Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent |
| title_full | Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent |
| title_fullStr | Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent |
| title_full_unstemmed | Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent |
| title_short | Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent |
| title_sort | detection of unknown ddos attack using reconstruct error and one class svm featuring stochastic gradient descent |
| topic | distributed denial of service (DDoS) deep learning open-set recognition (OSR) one-class support vector machine reconstruct error incremental learning |
| url | https://www.mdpi.com/2227-7390/11/1/108 |
| work_keys_str_mv | AT chinshiuhshieh detectionofunknownddosattackusingreconstructerrorandoneclasssvmfeaturingstochasticgradientdescent AT thanhtuannguyen detectionofunknownddosattackusingreconstructerrorandoneclasssvmfeaturingstochasticgradientdescent AT chunyuehchen detectionofunknownddosattackusingreconstructerrorandoneclasssvmfeaturingstochasticgradientdescent AT mongfonghorng detectionofunknownddosattackusingreconstructerrorandoneclasssvmfeaturingstochasticgradientdescent |