Loading…

A Wrapper Feature Selection Based Hybrid Deep Learning Model for DDoS Detection in a Network with NFV Behaviors

Network function virtualization (NFV) is a rapidly growing technology that permits network operators to issue their virtualized network functions (VNFs) with cheaper commodity servers. There are various VNFs, namely firewalls, switches, and virtual routers. However, detecting denial of service (DDoS...

Full description

Saved in:
Bibliographic Details
Published in:Wireless personal communications 2023-11, Vol.133 (1), p.481-506
Main Authors: Tikhe, Gajanan Nanaji, Patheja, Pushpinder Singh
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Network function virtualization (NFV) is a rapidly growing technology that permits network operators to issue their virtualized network functions (VNFs) with cheaper commodity servers. There are various VNFs, namely firewalls, switches, and virtual routers. However, detecting denial of service (DDoS) attacked VNFs is challenging as VNF behaviors are complicated and dynamic due to network traffic in the cloud. Therefore, the proposed work implemented an intrusion detection system (IDS) to detect DDoS attacks in the network. The proposed IDS is named a wrapper feature selection-based hybrid deep learning model (WF-HDL). The DDoS detection model undergoes three stages: pre-processing, feature selection, and detection. The pre-processing is achieved by the z-score normalization technique, followed by a wrapper-based feature selection achieved using the Pelican optimization algorithm (POA). Finally, the DDoS attacks are detected using deep auto-encoder-convolutional gated recurrent unit (DAE-CGRU). The proposed model detected the network's normal and attacked VNF behaviors more accurately. It can train different kinds of VNF behaviour models. In the proposed work, two VNF models, a virtual firewall and a virtual router are trained using a CIC-DDoS2019 dataset. The proposed attack detection model achieves high accuracy at 99.69%, precision at 99.03%, recall at 99.07%, f1-score at 99.05%, and receiver operating characteristic curve (ROC curve) at 99.85%.
ISSN:0929-6212
1572-834X
DOI:10.1007/s11277-023-10775-9