Adaptive machine learning and signal processing detection schemes for DDoS attacks

Date
2022-01-20
Authors
Ghanbari, Maryam
Abstract
When cybersecurity flaws leave devices vulnerable to cyber-attacks, the functionality of these physical devices can be compromised, which ultimately affects society. To prevent these attacks, intrusion detection systems (IDSs) can be used. In the first stage of this research, the feature extraction methods are designed to enhance the detection rate: creating a mother wavelet and improving the variance fractal dimension (VFD). The adaptive mother wavelet is created for a specific application, DDoS attacks, to achieve the highest similarity and adaptability to the input data. Since Internet traffic data with distributed denial of service attacks (DDoS ITD) is a long-range dependence signal, a multiscale analysis that measures a signal at various scales is created to extract the hidden characteristics of each scale of the DDoS ITD. This research uses and expands a method that works with the online variance fractal dimension. This dimension is based on a polyscale analysis, which measures a signal at various scales and whose outcome correlation requires all the scales to be used simultaneously. Therefore, the hidden features of the DDoS ITD are extracted at each scale. As a result, DDoS attacks can be detected with a higher detection rate using the polyscale analysis. In the second stage of this research, an IDS based on a convolutional neural network (CNN) is developed to enhance the sensitivity of DDoS attack detection. To that end, a weighted cost function is developed for evaluating the artificial neural network and the CNN structure. Moreover, an adaptive structure for the CNN is designed and created. The weighted cost function and the adaptive CNN structure are applied in designing the IDS. The IDS produces 95% accuracy of detection rate. In the third stage of this research, a realistic IDS for the real world is designed and implemented: because real-world data is unlabeled, supervised learning methods are not realistic. To obtain a more realistic IDS, the proposed structure of the polyscale convolutional neural network (PCNN) regarding the policy gradient based deep reinforcement learning (DRL) is used to design and implement the IDS for unlabeled data. The IDS detects the anomalies with 93% accuracy.
Keywords
Internet traffic time series, Distributed denial of service (DDoS) attacks, Artificial neural network, Convolutional neural network, Policy gradient based deep reinforcement learning (PGDRL), Genetic algorithm, Adaptive mother wavelet, Designing adaptive wavelet, Weighted cost function
Citation
IEEE