A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks
Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundament...
Main Authors: | , , , , , |
---|---|
Format: | Article |
Language: | English |
Published: |
IEEE
2022-01-01
|
Series: | IEEE Access |
Subjects: | |
Online Access: | https://ieeexplore.ieee.org/document/9826720/ |
_version_ | 1811296052933820416 |
---|---|
author | Daniel M. Brandao Lent Matheus P. Novaes Luiz F. Carvalho Jaime Lloret Joel J. P. C. Rodrigues Mario Lemes Proenca |
author_facet | Daniel M. Brandao Lent Matheus P. Novaes Luiz F. Carvalho Jaime Lloret Joel J. P. C. Rodrigues Mario Lemes Proenca |
author_sort | Daniel M. Brandao Lent |
collection | DOAJ |
description | Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network’s hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques. |
first_indexed | 2024-04-13T05:43:36Z |
format | Article |
id | doaj.art-fbf8915bd040422e98bcc63a7d33dede |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-04-13T05:43:36Z |
publishDate | 2022-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-fbf8915bd040422e98bcc63a7d33dede2022-12-22T03:00:02ZengIEEEIEEE Access2169-35362022-01-0110732297324210.1109/ACCESS.2022.31900089826720A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan AttacksDaniel M. Brandao Lent0https://orcid.org/0000-0002-1343-0398Matheus P. Novaes1https://orcid.org/0000-0003-1626-6922Luiz F. Carvalho2Jaime Lloret3https://orcid.org/0000-0002-0862-0533Joel J. P. C. Rodrigues4https://orcid.org/0000-0001-8657-3800Mario Lemes Proenca5https://orcid.org/0000-0002-0492-322XComputer Science Department, State University of Londrina, Londrina, BrazilElectrical Engineering Department, State University of Londrina, Londrina, BrazilComputer Engineering Department, Federal Technology University of Paraná, Apucarana, BrazilIntegrated Management Coastal Research Institute, Universitat Politecnica de Valencia, Valencia, SpainCollege of Computer Science and Technology, China University of Petroleum (East China), Qingdao, ChinaComputer Science Department, State University of Londrina, Londrina, BrazilNowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network’s hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques.https://ieeexplore.ieee.org/document/9826720/Anomaly detectiondeep learningfuzzy logicgated recurrent unitsoftware-defined networks |
spellingShingle | Daniel M. Brandao Lent Matheus P. Novaes Luiz F. Carvalho Jaime Lloret Joel J. P. C. Rodrigues Mario Lemes Proenca A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks IEEE Access Anomaly detection deep learning fuzzy logic gated recurrent unit software-defined networks |
title | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
title_full | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
title_fullStr | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
title_full_unstemmed | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
title_short | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
title_sort | gated recurrent unit deep learning model to detect and mitigate distributed denial of service and portscan attacks |
topic | Anomaly detection deep learning fuzzy logic gated recurrent unit software-defined networks |
url | https://ieeexplore.ieee.org/document/9826720/ |
work_keys_str_mv | AT danielmbrandaolent agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT matheuspnovaes agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT luizfcarvalho agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT jaimelloret agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT joeljpcrodrigues agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT mariolemesproenca agatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT danielmbrandaolent gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT matheuspnovaes gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT luizfcarvalho gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT jaimelloret gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT joeljpcrodrigues gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks AT mariolemesproenca gatedrecurrentunitdeeplearningmodeltodetectandmitigatedistributeddenialofserviceandportscanattacks |