Deep Learning Approaches for SYN Flood Detection in Internet Service Providers Network
Keywords:
SYN Flood Attack, Deep Learning, Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs), Long Short-Term Memory (LSTM), Network Security, Intrusion Detection Systems (IDS), ISP Networks, Anomaly Detection, Real-Time DetectionAbstract
In the context of growing network security threats, SYN flood attacks are one of the most apparent dilemmas being encountered by Internet Service Providers (ISPs). The attacks are problematic because they outpace traditional detection mechanisms. In a research paper published by the authors, three deep learning algorithms - Convolutional Neural Networks (CNNs), Recurrent Neural Networks (RNNs) and Long Short-Term Memory (LSTM) networks are considered suitable for identifying SYN flood attacks in ISP network. In this paper, these models have been developed for classifying anomalous traffic flows with a wide variety of attack and normal behaviors in an extensive dataset. The CNN though quite computationally apt it also has an accuracy of 94.2% and a F1-score of 94.6%, detecting almost all SYN flood attacks correctly with C-NN model while keeping the computational load to harvestable levels! The RNN model (~ 91.5-accuracy, ~92.2-F1-score) digit showed shortened latency detection of the temporal pattern with higher FP-rates. This unit (LSTM) was greater than more models as cricket scored at 96.0 % with a F1 score of ninety-five, eight%, which suggests the very best ability to locate attacks without realistically any fake negatives however additionally he maximum computation useful resource needful representation We analyze trade-offs between the detection accuracy and computational efficiency, thus suggesting how these models may be practically deployed in real-world ISP environments.
References
K. Hussain, S. J. Hussain, N. Z. Jhanjhi, and M. Humayun, “SYN flood attack detection based on Bayes estimator (SFADBE) for MANET,” in 2019 International Conference on Computer and Information Sciences (ICCIS), Apr. 2019, pp. 1-4. IEEE. Available from: http://dx.doi.org/10.1109/ICCISci.2019.8716416
M. Rahouti, K. Xiong, N. Ghani, and F. Shaikh, “SYNGuard: Dynamic threshold?based SYN flood attack detection and mitigation in software?defined networks,” IET Networks, vol. 10, no. 2, pp. 76-87, 2021. Available from: http://dx.doi.org/10.1049/ntw2.12009
B. N. Ramkumar and T. Subbulakshmi, “TCP SYN flood attack detection and prevention system using adaptive thresholding method,” in ITM Web of Conferences, vol. 37, p. 01016, 2021. EDP Sciences. Available from: https://doi.org/10.1051/itmconf/20213701016
M. Bellaiche and J. C. Gregoire, “SYN flooding attack detection based on entropy computing,” in GLOBECOM 2009-2009 IEEE Global Telecommunications Conference, Nov. 2009, pp. 1-6. IEEE. Available from: http://dx.doi.org/10.1109/GLOCOM.2009.5425454
S. Evmorfos, G. Vlachodimitropoulos, N. Bakalos, and E. Gelenbe, “Neural network architectures for the detection of SYN flood attacks in IoT systems,” in Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments, Jun. 2020, pp. 1-4. Available from: http://dx.doi.org/10.1145/3389189.3398000
H. S. Salunkhe, S. Jadhav, and V. Bhosale, “Analysis and review of TCP SYN flood attack on network with its detection and performance metrics,” International Journal of Engineering Research & Technology (IJERT), vol. 6, no. 01, pp. 2278-0181, 2017. Available from: http://dx.doi.org/10.17577/IJERTV6IS010218
N. H. Oo and A. H. Maw, “Effective detection and mitigation of SYN flooding attack in SDN,” in 2019 19th International Symposium on Communications and Information Technologies (ISCIT), Sep. 2019, pp. 300-305. IEEE. Available from: http://dx.doi.org/10.1109/ISCIT.2019.8905209
C. Sun, C. Hu, and B. Liu, “SACK2: Effective SYN flood detection against skillful spoofs,” IET Information Security, vol. 6, no. 3, pp. 149-157, 2012. Available from: http://dx.doi.org/10.1049/iet-ifs.2010.0158
K. Geetha and N. Sreenath, “SYN flooding attack—Identification and analysis,” in International Conference on Information Communication and Embedded Systems (ICICES2014), Feb. 2014, pp. 1-7. IEEE. Available from: https://doi.org/10.1109/ICICES.2014.7033828
G. Ramadhan, Y. Kurniawan, and C. S. Kim, “Design of TCP SYN Flood DDoS attack detection using artificial immune systems,” in 2016 6th International Conference on System Engineering and Technology (ICSET), Oct. 2016, pp. 72-76. IEEE. Available from: http://dx.doi.org/10.1109/FIT.2016.7857541
X. Zhang, L. Chen, and J. Bai, “SYN Flood Attack Detection and Defense Method Based on Extended Berkeley Packet Filter,” in Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery: Proceedings of the ICNC-FSKD 2021 17, Springer International Publishing, 2022, pp. 1416-1427. Available from: http://dx.doi.org/10.1007/978-3-030-89698-0_145
M. Bogdanoski, T. Suminoski, and A. Risteski, “Analysis of the SYN flood DoS attack,” International Journal of Computer Network and Information Security (IJCNIS), vol. 5, no. 8, pp. 1-11, 2013. Available from: http://dx.doi.org/10.5815/ijcnis.2013.08.01
A. Kumar, I. Sharma, N. Thapliyal, and R. S. Rawat, “Enhancing Security in HIL-based Augmented Industrial Control Systems: Insights from Dataset Analysis and Model Development,” in 2024 5th International Conference for Emerging Technology (INCET), May 2024, pp. 1-5. IEEE. Available from: http://dx.doi.org/10.1109/INCET61516.2024.10593064
A. Kumari and I. Sharma, “Integrated RNN-SVM Model for Improved Detection of Imbalanced DNS Heavy Attacks,” in 2024 2nd International Conference on Advancement in Computation & Computer Technologies (InCACCT), May 2024, pp. 337-341. IEEE. Available from: http://dx.doi.org/10.1109/InCACCT61598.2024.10550986
V. Pahuja, A. Khanna, and I. Sharma, “RansomSheild: Novel Framework for Effective Data Recovery in Ransomware Recovery Process,” in 2024 IEEE International Conference on Big Data & Machine Learning (ICBDML), Feb. 2024, pp. 240-245. IEEE. Available from: https://doi.org/10.1109/ICBDML60909.2024.10577365
T. Liu, F. Sabrina, J. Jang-Jaccard, W. Xu, and Y. Wei, “Artificial intelligence-enabled DDoS detection for blockchain-based smart transport systems,” Sensors, vol. 22, no. 1, pp. 32, 2021. Available from: https://doi.org/10.3390/s22010032
K. Bhatia, A. Khanna, and I. Sharma, “Enhancing Disaster Recovery Mechanism in SCADA using Multichain Blockchain,” in 2024 2nd International Conference on Device Intelligence, Computing and Communication Technologies (DICCT), Mar. 2024, pp. 226-231. IEEE. Available from: http://dx.doi.org/10.1109/DICCT61038.2024.10532921
