Authors: Hanene Mennour; Sihem Mostefai
Addresses: MISC Laboratory, University Abdelhamid Mehri, Constantine 2, Compus Ali Mendjeli, 25000 Constantine, Algeria ' MISC Laboratory, University Abdelhamid Mehri, Constantine 2, Compus Ali Mendjeli, 25000 Constantine, Algeria
Abstract: The nuisance of distributed denial-of-service (DDoS) attacks has extended unremittingly nowadays. Thus, guaranteeing system availability in this open-ended pandemic is a crucial task. In this work, we propose three different deep learning strategies as a network anomaly-based intrusion detection system (N-IDS) for a DDoS multi-classification task. We built a deep convolutional neural network (CNN), a stacked long short-term memory (S-LSTM) neural network which is a distinct artificial recurrent neural network (RNN), the third model is a hybridisation between CNN and LSTM. Then, we evaluated them on three up to date flow-based datasets: CICIDS2017, CICDDoS2019 and BoT-IoT benchmarks. The outcomes demonstrate that hybrid CNN-LSTM outperforms the existing state-of-the-art schemes in almost all the validation metrics.
Keywords: deep learning; intrusion detection system; IDS; network intrusion detection system; NIDS; anomaly-based; distributed denial-of-service; DDoS; multi-classification; convolutional neural network; CNN; long short-term memory; LSTM; flow-based; CICDDoS2019.
International Journal of Networking and Virtual Organisations, 2022 Vol.26 No.1/2, pp.80 - 103
Received: 31 Aug 2020
Accepted: 23 Aug 2021
Published online: 23 Mar 2022 *