Loading…
A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks
Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundament...
Saved in:
Published in: | IEEE access 2022, Vol.10, p.73229-73242 |
---|---|
Main Authors: | , , , , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | cdi_FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3 |
---|---|
cites | |
container_end_page | 73242 |
container_issue | |
container_start_page | 73229 |
container_title | IEEE access |
container_volume | 10 |
creator | Brandao Lent, Daniel M. Novaes, Matheus P. Carvalho, Luiz F. Lloret, Jaime Rodrigues, Joel J. P. C. Proenca, Mario Lemes |
description | Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques. |
doi_str_mv | 10.1109/ACCESS.2022.3190008 |
format | article |
fullrecord | <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_9826720</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>9826720</ieee_id><doaj_id>oai_doaj_org_article_fbf8915bd040422e98bcc63a7d33dede</doaj_id><sourcerecordid>2691875150</sourcerecordid><originalsourceid>FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3</originalsourceid><addsrcrecordid>eNpNkUtrWzEQhS-lgQbXvyAbQdd2R9J9SEtjp67BISGu10KPkZHrXrmSXOi_77VvCF2NOHznzIhTVQ8U5pSC_LpYLh93uzkDxuacSgAQH6p7Rls54w1vP_73_lRNcz7CFRmkpruvyoKsdUFHXtFeUsK-kH0fClkhnskWdepDfyBP0eGJlDjIBW0hunfkKZRwGKxkFXJJwVyuKSvsgz6R6MkO059g8Ya-xFSy1T1ZlKLtz_y5uvP6lHH6NifV_tvjj-X32fZ5vVkutjNbgygzdFwYyl0nhGzRW5DaS4vQOQFowAC6xlDHWMdq6oeP61rXzLSNtpwZ7vmk2oy5LuqjOqfwS6e_KuqgbkJMB6VTCfaEyhsvJG2MgxpqxlAKY23Ldec4d-hwyPoyZp1T_H3BXNQxXlI_nK9YK6noGtrAQPGRsinmnNC_b6Wgrm2psS11bUu9tTW4HkZXQMR3hxSs7Rjwf7c0kL0</addsrcrecordid><sourcetype>Open Website</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2691875150</pqid></control><display><type>article</type><title>A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks</title><source>IEEE Xplore Open Access Journals</source><creator>Brandao Lent, Daniel M. ; Novaes, Matheus P. ; Carvalho, Luiz F. ; Lloret, Jaime ; Rodrigues, Joel J. P. C. ; Proenca, Mario Lemes</creator><creatorcontrib>Brandao Lent, Daniel M. ; Novaes, Matheus P. ; Carvalho, Luiz F. ; Lloret, Jaime ; Rodrigues, Joel J. P. C. ; Proenca, Mario Lemes</creatorcontrib><description>Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques.</description><identifier>ISSN: 2169-3536</identifier><identifier>EISSN: 2169-3536</identifier><identifier>DOI: 10.1109/ACCESS.2022.3190008</identifier><identifier>CODEN: IAECCG</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Anomalies ; Anomaly detection ; Control equipment ; Cybersecurity ; Datasets ; Deep learning ; Denial of service attacks ; Downtime ; Feature extraction ; Fuzzy logic ; gated recurrent unit ; Logic gates ; Neural networks ; Security ; Software ; Software-defined networking ; software-defined networks</subject><ispartof>IEEE access, 2022, Vol.10, p.73229-73242</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2022</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3</citedby><orcidid>0000-0003-1626-6922 ; 0000-0002-1343-0398 ; 0000-0001-8657-3800 ; 0000-0002-0862-0533 ; 0000-0002-0492-322X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/9826720$$EHTML$$P50$$Gieee$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,4024,27633,27923,27924,27925,54933</link.rule.ids></links><search><creatorcontrib>Brandao Lent, Daniel M.</creatorcontrib><creatorcontrib>Novaes, Matheus P.</creatorcontrib><creatorcontrib>Carvalho, Luiz F.</creatorcontrib><creatorcontrib>Lloret, Jaime</creatorcontrib><creatorcontrib>Rodrigues, Joel J. P. C.</creatorcontrib><creatorcontrib>Proenca, Mario Lemes</creatorcontrib><title>A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks</title><title>IEEE access</title><addtitle>Access</addtitle><description>Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques.</description><subject>Anomalies</subject><subject>Anomaly detection</subject><subject>Control equipment</subject><subject>Cybersecurity</subject><subject>Datasets</subject><subject>Deep learning</subject><subject>Denial of service attacks</subject><subject>Downtime</subject><subject>Feature extraction</subject><subject>Fuzzy logic</subject><subject>gated recurrent unit</subject><subject>Logic gates</subject><subject>Neural networks</subject><subject>Security</subject><subject>Software</subject><subject>Software-defined networking</subject><subject>software-defined networks</subject><issn>2169-3536</issn><issn>2169-3536</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ESBDL</sourceid><sourceid>DOA</sourceid><recordid>eNpNkUtrWzEQhS-lgQbXvyAbQdd2R9J9SEtjp67BISGu10KPkZHrXrmSXOi_77VvCF2NOHznzIhTVQ8U5pSC_LpYLh93uzkDxuacSgAQH6p7Rls54w1vP_73_lRNcz7CFRmkpruvyoKsdUFHXtFeUsK-kH0fClkhnskWdepDfyBP0eGJlDjIBW0hunfkKZRwGKxkFXJJwVyuKSvsgz6R6MkO059g8Ya-xFSy1T1ZlKLtz_y5uvP6lHH6NifV_tvjj-X32fZ5vVkutjNbgygzdFwYyl0nhGzRW5DaS4vQOQFowAC6xlDHWMdq6oeP61rXzLSNtpwZ7vmk2oy5LuqjOqfwS6e_KuqgbkJMB6VTCfaEyhsvJG2MgxpqxlAKY23Ldec4d-hwyPoyZp1T_H3BXNQxXlI_nK9YK6noGtrAQPGRsinmnNC_b6Wgrm2psS11bUu9tTW4HkZXQMR3hxSs7Rjwf7c0kL0</recordid><startdate>2022</startdate><enddate>2022</enddate><creator>Brandao Lent, Daniel M.</creator><creator>Novaes, Matheus P.</creator><creator>Carvalho, Luiz F.</creator><creator>Lloret, Jaime</creator><creator>Rodrigues, Joel J. P. C.</creator><creator>Proenca, Mario Lemes</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>ESBDL</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>7SR</scope><scope>8BQ</scope><scope>8FD</scope><scope>JG9</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>DOA</scope><orcidid>https://orcid.org/0000-0003-1626-6922</orcidid><orcidid>https://orcid.org/0000-0002-1343-0398</orcidid><orcidid>https://orcid.org/0000-0001-8657-3800</orcidid><orcidid>https://orcid.org/0000-0002-0862-0533</orcidid><orcidid>https://orcid.org/0000-0002-0492-322X</orcidid></search><sort><creationdate>2022</creationdate><title>A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks</title><author>Brandao Lent, Daniel M. ; Novaes, Matheus P. ; Carvalho, Luiz F. ; Lloret, Jaime ; Rodrigues, Joel J. P. C. ; Proenca, Mario Lemes</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Anomalies</topic><topic>Anomaly detection</topic><topic>Control equipment</topic><topic>Cybersecurity</topic><topic>Datasets</topic><topic>Deep learning</topic><topic>Denial of service attacks</topic><topic>Downtime</topic><topic>Feature extraction</topic><topic>Fuzzy logic</topic><topic>gated recurrent unit</topic><topic>Logic gates</topic><topic>Neural networks</topic><topic>Security</topic><topic>Software</topic><topic>Software-defined networking</topic><topic>software-defined networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Brandao Lent, Daniel M.</creatorcontrib><creatorcontrib>Novaes, Matheus P.</creatorcontrib><creatorcontrib>Carvalho, Luiz F.</creatorcontrib><creatorcontrib>Lloret, Jaime</creatorcontrib><creatorcontrib>Rodrigues, Joel J. P. C.</creatorcontrib><creatorcontrib>Proenca, Mario Lemes</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE Xplore Open Access Journals</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library Online</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Engineered Materials Abstracts</collection><collection>METADEX</collection><collection>Technology Research Database</collection><collection>Materials Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Directory of Open Access Journals</collection><jtitle>IEEE access</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Brandao Lent, Daniel M.</au><au>Novaes, Matheus P.</au><au>Carvalho, Luiz F.</au><au>Lloret, Jaime</au><au>Rodrigues, Joel J. P. C.</au><au>Proenca, Mario Lemes</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks</atitle><jtitle>IEEE access</jtitle><stitle>Access</stitle><date>2022</date><risdate>2022</risdate><volume>10</volume><spage>73229</spage><epage>73242</epage><pages>73229-73242</pages><issn>2169-3536</issn><eissn>2169-3536</eissn><coden>IAECCG</coden><abstract>Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target to denial of service attacks (DoS). In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from computer science department at state university of Londrina, and CICDDoS2019, a well-known dataset by the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/ACCESS.2022.3190008</doi><tpages>14</tpages><orcidid>https://orcid.org/0000-0003-1626-6922</orcidid><orcidid>https://orcid.org/0000-0002-1343-0398</orcidid><orcidid>https://orcid.org/0000-0001-8657-3800</orcidid><orcidid>https://orcid.org/0000-0002-0862-0533</orcidid><orcidid>https://orcid.org/0000-0002-0492-322X</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 2169-3536 |
ispartof | IEEE access, 2022, Vol.10, p.73229-73242 |
issn | 2169-3536 2169-3536 |
language | eng |
recordid | cdi_ieee_primary_9826720 |
source | IEEE Xplore Open Access Journals |
subjects | Anomalies Anomaly detection Control equipment Cybersecurity Datasets Deep learning Denial of service attacks Downtime Feature extraction Fuzzy logic gated recurrent unit Logic gates Neural networks Security Software Software-defined networking software-defined networks |
title | A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-25T22%3A38%3A59IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Gated%20Recurrent%20Unit%20Deep%20Learning%20Model%20to%20Detect%20and%20Mitigate%20Distributed%20Denial%20of%20Service%20and%20Portscan%20Attacks&rft.jtitle=IEEE%20access&rft.au=Brandao%20Lent,%20Daniel%20M.&rft.date=2022&rft.volume=10&rft.spage=73229&rft.epage=73242&rft.pages=73229-73242&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2022.3190008&rft_dat=%3Cproquest_ieee_%3E2691875150%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2691875150&rft_id=info:pmid/&rft_ieee_id=9826720&rfr_iscdi=true |