Binary classification of Low-Rate DoS attacks using Long Short-Term Memory Feed-Forward (LSTM-FF) Intrusion Detection System (IDS)
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier 2025-06-01 |
| Series: | Engineering Science and Technology, an International Journal |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2215098625001041 |
| Summary: | The data and size of networks have grown substantially due to the rapid development of the Internet and other communication techniques. This has led to the development of numerous new types of attacks, making it harder for network security to detect intrusions accurately. The goal of a Denial of Service (DoS) attack is to overwhelm a target with malicious traffic, exhausting its processing power and network bandwidth. Traditional DoS attacks rely on brute force techniques, making them easier to detect, whereas low-rate and slow attacks pose a greater threat due to their stealthy nature. These attacks target application or server resources with a prolonged trickle of traffic, requiring minimal bandwidth yet making mitigation challenging. Their low resource footprint allows them to degrade or deny service to legitimate users while remaining undetected for extended periods. This research introduces an advanced Intrusion Detection System (IDS) that utilizes a hybrid Long Short-Term Memory Feedforward (LSTM-FF) Neural Network to tackle existing challenges in detecting low-rate DoS (LR-DoS) attacks. Unlike previous models, our approach combines temporal sequence learning with feature refinement, thereby improving the detection of LR-DoS. Additionally, we incorporate automated feature selection using Random Forest, which optimizes efficiency while maintaining interpretability. For model training and evaluation, we use the CIC-DOS2017 dataset, which includes eight distinct types of LR-DoS attacks. To enhance generalizability, we also utilize the CSE-CIC-IDS2018 dataset and the newly introduced LR-HR-DDOS2024 dataset, specifically designed for Software-Defined Networking (SDN)-based environments. To address the class imbalance, we implement a stratified k-fold cross-validation strategy, ensuring robust performance across various attack scenarios. To thoroughly evaluate model performance, we adopt a comprehensive set of metrics, including accuracy, precision, recall, F1-score, specificity, False Alarm Rate (FAR), and ROC-AUC. This ensures a well-rounded validation of our approach. The model surpassed all previous state-of-the-art models with an impressive accuracy of 99.70%, precision of 99.47%, specificity of 99.97%, and an F1-score of 97.52%, all while retaining a low FAR of roughly 0.03%. The LSTM-FF approach also worked well in multi-class classification, with a 99.54% accuracy rate, 93.19% precision, 99.59% specificity, 90.28% F1 score, and 0.40% FAR. |
| ISSN: | 2215-0986 |