
A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks


Bibliographic Details
Published in: IEEE access 2022, Vol.10, p.73229-73242
Main Authors: Brandao Lent, Daniel M., Novaes, Matheus P., Carvalho, Luiz F., Lloret, Jaime, Rodrigues, Joel J. P. C., Proenca, Mario Lemes
Format: Article
Language: English
cited_by cdi_FETCH-LOGICAL-c408t-ed38b13d78896efc09af9ce07d80eb0b0ed5b1d227241f900a4a42b65ac32b3f3
cites
container_end_page 73242
container_issue
container_start_page 73229
container_title IEEE access
container_volume 10
creator Brandao Lent, Daniel M.
Novaes, Matheus P.
Carvalho, Luiz F.
Lloret, Jaime
Rodrigues, Joel J. P. C.
Proenca, Mario Lemes
description Nowadays, it is common for applications to require servers to run constantly and aim as close as possible to zero downtime. The slightest failure might cause significant financial losses and sometimes even cost lives. For this reason, security and management measures against network threats are fundamental and have been researched for years. Software-defined networks (SDN) are an advancement in network management due to their centralization of the control plane, as it facilitates equipment setup and administration over the local network. However, this centralization makes the controller a target of denial-of-service (DoS) attacks. In this study, we aim to develop a network anomaly detection and mitigation system that uses gated recurrent unit (GRU) neural networks combined with fuzzy logic. The neural network is trained to forecast future traffic, and anomalies are detected when the forecasting fails. The system is designed to operate in software-defined networks since they provide network flow information and tools to manage forwarding tables. We also demonstrate how the neural network's hyperparameters affect the detection module. The system was tested using two datasets: one with emulated traffic generated by the data communication and networking research group called Orion, from the Computer Science Department at the State University of Londrina, and CICDDoS2019, a dataset well known in the anomaly detection community. The results show that GRU networks combined with fuzzy logic are a viable option to detect anomalies in SDN and possibly in other anomaly detection applications. The system was compared with other deep learning techniques.
doi_str_mv 10.1109/ACCESS.2022.3190008
format article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2022, Vol.10, p.73229-73242
issn 2169-3536
2169-3536
language eng
recordid cdi_ieee_primary_9826720
source IEEE Xplore Open Access Journals
subjects Anomalies
Anomaly detection
Control equipment
Cybersecurity
Datasets
Deep learning
Denial of service attacks
Downtime
Feature extraction
Fuzzy logic
gated recurrent unit
Logic gates
Neural networks
Security
Software
Software-defined networking
software-defined networks
title A Gated Recurrent Unit Deep Learning Model to Detect and Mitigate Distributed Denial of Service and Portscan Attacks