A Deep Learning-Based Intrusion Detection and Preventation System for Detecting and Preventing Denial-of-Service Attacks

This document classifies, selects and trains a deep learning algorithm to create an IDS/IPS (Intrusion Prevention/Detection System) called Dique, which can detect and prevent denial of service (DoS) attacks. To mitigate DoS attacks, the IDS/IPS system, using the proposed deep learning model, classifies incoming packets to the web server into two classes: benign (which are normal traffic packets) and malicious (which the system considers to contain possible DoS attacks). Dique has a Graphical User Interface (GUI) where “in real time” you can display graphically and textually the information of captured and classified packets, and allows you to switch between the IDS mode and the IPS mode of the system operation. The proposed DoS attack classification model uses a multi-layered Deep Feed Forward neural network, the CICDDoS2019 Dataset was used for training and an accuracy of 0.994 was achieved. In addition, an offensive system called Diluvio was developed to verify the functioning of the Dique system. In Diluvio seven different types of DoS attacks were implemented (five contents in the training Datset and two that are not in said dataset) that users can selectively launch against a web server.