Abstract
A DDoS (Distributed Denial of Service) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic.
This thesis presents a modern intelligent DDoS attack detection model based on federated learning and neural networks, referred to as the DDoS-FLNN model for short. The proposed DDoS-FLNN uses a modern dataset called “CIC-Bell-DNS-EXF-Dataset”, which is characterized by diverse attack behavior; this diversity allowed five sub-datasets to be derived to suit the application of federated learning approaches.
DDoS-FLNN proposes a hybrid LSTM+CNN (Long Short-Term Memory + convolutional neural network) DDoS attack classification model that combines both models, with the LSTM capturing temporal patterns from sequential data and the CNN capturing spatial patterns in the input data. The proposed hybrid LSTM+CNN aims to achieve optimal accuracy in DDoS attack detection.
The proposed DDoS-FLNN model includes several stages: loading the datasets; cleaning and preprocessing the datasets, including label feature encoding, one-hot encoding, exploratory data analysis (EDA) techniques, and data normalization; creating five subsets of the datasets (“Attack-heavy,” “Attack-heavy-benign,” “Attack-light,” “Attack-light-benign,” and “benign”); splitting the datasets into 80% training and 20% testing; training at the local client level with four classification models (LSTM, CNN, the proposed hybrid LSTM+CNN, and Transformer learning); selecting the best model; applying federated learning based on the best model with its updated parameters; and finally evaluating federated learning at the local client level.
As a result of the experiments at the five local client levels with the four classification models, it was proven that the proposed hybrid LSTM+CNN model outperformed the rest of the models. The hybrid LSTM+CNN has optimal accuracy, precision, recall, and F1-score across the five datasets. Based on these results, the proposed DDoS-FLNN selects the hybrid LSTM+CNN as the optimal model and uploads it to the central server at the global level to apply federated learning.