
Advancing DDoS Attack Detection: A Synergistic Approach Using Deep Residual Neural Networks and Synthetic Oversampling

Ali Alfatemi, Mohamed Rahouti, Ruhul Amin, Sarah ALJamal, Kaiqi Xiong, Yufeng Xin

TL;DR

This work tackles the challenge of detecting DDoS attacks under class imbalance by combining SMOTE oversampling with a deep residual network enhanced by attention mechanisms. It introduces a dual-phase training regime where Phase 1 trains on original data and Phase 2 refines on SMOTE-balanced data with a regularization term to preserve Phase 1 predictions, achieving high discriminative performance. On the CICIDS dataset, the approach reports an accuracy of $99.98\%$, precision $99.98\%$, recall $99.96\%$, F1 $99.97\%$, and ROC-AUC of $1.00$, outperforming traditional methods. The results underscore the practical potential of integrating targeted data augmentation with deep learning to strengthen real-world cybersecurity defenses against evolving DDoS threats.

Abstract

Distributed Denial of Service (DDoS) attacks pose a significant threat to the stability and reliability of online systems. Effective and early detection of such attacks is pivotal for safeguarding the integrity of networks. In this work, we introduce an enhanced approach for DDoS attack detection by leveraging the capabilities of Deep Residual Neural Networks (ResNets) coupled with synthetic oversampling techniques. Because of the inherent class imbalance in many cyber-security datasets, conventional methods often struggle with false negatives, misclassifying subtle DDoS patterns as benign. By applying the Synthetic Minority Over-sampling Technique (SMOTE) to the CICIDS dataset, we balance the representation of benign and malicious data points, enabling the model to better discern intricate patterns indicative of an attack. Our deep residual network, tailored for this specific task, further refines the detection process. Experimental results on a real-world dataset demonstrate that our approach achieves an accuracy of 99.98%, significantly outperforming traditional methods. This work underscores the potential of combining advanced data augmentation techniques with deep learning models to bolster cyber-security defenses.
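The SMOTE balancing step described above, as an added example that is not the paper's own code: each synthetic attack row is interpolated between a minority sample and one of its k nearest minority neighbours. The function names `smote` and `balance`, the choice of k=3, and the two-feature flow records are assumptions constructed for illustration, not CICIDS data.

```python
import math
import random

def smote(minority, n_new, k=3, seed=0):
    """Create n_new synthetic rows, each on the line segment between a
    minority sample and one of its k nearest minority neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    rng = random.Random(seed)
    k = min(k, len(minority) - 1)
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        # Neighbours are searched within the minority class only.
        neighbours = sorted((p for p in minority if p is not base),
                            key=lambda p: math.dist(base, p))[:k]
        other = rng.choice(neighbours)
        gap = rng.random()  # interpolation factor in [0, 1)
        synthetic.append(tuple(b + gap * (o - b) for b, o in zip(base, other)))
    return synthetic

def balance(rows, labels, minority_label, k=3, seed=0):
    """Return new lists in which the minority class matches the majority count."""
    minority = [r for r, y in zip(rows, labels) if y == minority_label]
    deficit = (len(rows) - len(minority)) - len(minority)
    new_rows = smote(minority, max(deficit, 0), k, seed)
    return rows + new_rows, labels + [minority_label] * len(new_rows)

# Constructed flow features: (packets per second, mean packet size in bytes).
BENIGN = [(12.0, 540.0), (8.0, 610.0), (15.0, 480.0), (10.0, 700.0),
          (9.0, 560.0), (14.0, 520.0), (11.0, 650.0), (13.0, 590.0)]
DDOS = [(900.0, 64.0), (1100.0, 60.0), (950.0, 72.0)]
ROWS = BENIGN + DDOS
LABELS = [0] * len(BENIGN) + [1] * len(DDOS)

if __name__ == "__main__":
    X, y = balance(ROWS, LABELS, minority_label=1)
    print("benign:", y.count(0), "ddos:", y.count(1))
    for row in X[len(ROWS):]:
        print("synthetic ddos row:", row)
```

Oversampling belongs on the training split only; the held-out set should keep the real class ratio so that reported recall and false-negative rates are not inflated by synthetic rows.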

Paper Structure (30 sections, 15 equations, 3 figures, 2 tables, 1 algorithm)

This paper contains 30 sections, 15 equations, 3 figures, 2 tables, 1 algorithm.

Figures (3)

  • Figure 1: Schematic representation of the data processing and analysis pipeline for DDoS attack detection. The detection workflow starts with initial data preparation. This is succeeded by synthetic oversampling via SMOTE to rectify class disproportion. Subsequently, a deep residual neural network processes the equilibrated data to recognize complex patterns, culminating in the identification of DDoS intrusions.
  • Figure 2: Training Accuracy over Epochs
  • Figure 3: Training Losses over Epochs