
Updated Thesis Report

This document discusses network security, emphasizing the importance of intrusion detection systems (IDS) in protecting against unauthorized access and cyber threats. It outlines various types of cyber attacks, including DDoS, MitM, phishing, and SQL injection, and describes the phases and methods of DDoS attacks. Additionally, it highlights the challenges faced by IDS, such as false positives and the need for effective anomaly detection techniques.

Uploaded by

Hersevak Bunker

Chapter-01

Introduction

1.1. Preamble

Any measure a business takes to stop unauthorized access or unintentional harm to users'
devices, sensitive information, or the network itself is known as network security. Maintaining
the network's functionality and safety for all authorized users is the aim of network security.
One essential component of preserving organizational security is responding to security
incidents. Determining the existence of an event is a crucial step in the security incident
response process. The process of detection can be carried out by employing an intrusion
detection system, performing detection analysis, or receiving reports from end users and other
participants in the company. Security professionals who work in intrusion detection (ID) must
possess a high degree of security knowledge and experience with their organization's systems.
The creation of new methods of networking is being driven by the need for omnipresent
personal communications. Since more and more people are utilizing networks for extended
periods of time, information security has emerged as a critical component of data
communication. Many strategies are used to increase the integrity of the information that's
being transferred. Background, topic discussion, research problems, aims, and thesis
organization are all presented in this chapter.

The volume of packet traffic and the strain on networks have increased in recent years due to
the growing need to use the Internet across methods and sectors. Because of this, even with the
abundance of internet security systems, such as firewalls, which offer excellent defence and
prevention, the most sensitive data is still susceptible. Firewall systems stop unwanted access
to the systems, but once the information has been sent they are powerless to monitor it, so they
cannot recognize an attempt at compromise. An IDS should therefore be used to keep the network
under observation. An intrusion is defined as a danger to the safety, integrity, and
availability of resources that may be caused by unauthorised network users exploiting
application vulnerabilities or by authorized network users misusing certain rights. According
to the detection methodology, there are two types of intrusion detection systems: anomaly-based
and signature-based. The signature-based technique uses pre-stored definitions of recognized
sorts of attacks, so an attack that is not stored is overlooked. The anomaly-based technique
records ordinary activity on the network and builds a reference profile, and any anomaly
relative to this activity indicates the presence of an assault. Many of the features of network
data are redundant and unhelpful. One of the trickiest issues is examining all of them, which
frequently takes time. It is therefore not necessary to use most of the features in an IDS.
Moreover, such features degrade detection performance. Feature selection therefore tries to
keep the traits that improve efficiency.

Intrusion detection is a technique for identifying actions intended to obtain unauthorized
access to a computer system. An attacker may be internal or external. Internal attackers are
network users who are authorized to do certain things but abuse their valid login credentials
to gain unapproved entry. External attackers attempt to obtain unauthorized access to the
system [8]. An intrusion detection system collects and evaluates different types of network or
host information, including phone service, document mechanism updates, mobility data, and
packet headers. The collected data is passed to the analysis component of the intrusion
detection method, which looks for intrusions and discrepancies in the data. If the IDS detects
a threat, it notifies the system administrator by sending a warning message.

Figure 1.1 Effective DDOS assault operation [10]

DDoS is the main architecture that is proposed. One of the greatest and most potent tools in
the arsenal for network warfare is the DDoS attack. It means that attackers try to overload
or crash systems or platforms in order to render them inaccessible. As demonstrated in Figure
1.1, the DDoS problem can be represented with an effective model. Distributed Denial of Service
(DDoS) attacks exploit access to several attack source machines to target server connectivity.
A DDoS attack is defined as an attempt by an attacker to acquire access to several networks via
command and control (C&C) and to trigger a denial of service. The principal aim of the intruder
is to cause a device or server to malfunction by sending out repeated requests for data. DDoS
uses the C&C method to gain access to servers and applications. Networks under C&C control are
known as botnets or zombie networks. The person in command of the botnet is a hacker. Figure
1.1 shows the organizational structure of a DDoS attack.

1.2. Threats from Cyberspace

An attack using network resources occurs when an attacker uses the network of the victim's
system to carry out malicious behavior in order to obtain access to the victim's service
request. According to Kirutika and Subbulakshmi (2017), there are a few different kinds of
such attacks:

1.0.1 Denial-of-service (DoS) and Distributed Denial-of-Service (DDoS) attacks

A denial-of-service (DoS) attack overloads system capacity, making it unable to process new
requests for service. A distributed denial-of-service (DDoS) attack is a similar assault on a
system's resources, but it originates from numerous host computers that have been compromised
by malicious software under the attacker's control. DoS and DDoS assaults come in several
forms, but the most popular ones are botnets, TCP SYN flood attacks, teardrop attacks, smurf
attacks, and ping-of-death attacks.

1.0.2 Man-in-the-middle (MitM) attack

A MitM attack occurs when a hacker inserts themselves between the communications of a client
and a server. Man-in-the-middle attacks frequently take the form of replay, IP spoofing, and
session hijacking.

1.0.3 Phishing and spear phishing attacks

The act of sending emails that seem to be from reliable sources in an attempt to get personal
information or persuade recipients to take action is known as phishing. It blends technological
deceit with social engineering.

1.0.4 Drive-by attack

Drive-by assaults are a popular malware distribution technique. Hackers search for vulnerable
websites and insert a malicious script into a page's PHP or HTTP code. This script has the
potential to either infect a user's computer with malware directly or send them to a website
under the hackers' control.

1.0.5 Password attack

One can find out someone's password by searching around their workstation, utilizing social
engineering, "sniffing" the network connection to discover unencrypted passwords, getting
access to a password database, or just guessing. Since passwords are the most widely used
method of user authentication in information systems, cracking passwords is a popular and
successful attack strategy.

1.0.6 SQL injection attack

When a malefactor uses input data from the client to the server to perform a SQL query against
the database, this is known as SQL injection. Predefined SQL instructions are executed by
inserting them into data-plane input. If a SQL injection exploit is successful, it can read private
information from the database, alter it (insert, update, or delete data), and carry out
administrative tasks like shutting it down.

1.3. Distributed Denial of Service Attack

Intrusion is the term used to describe any series of connected acts carried out by a hostile
adversary that leads to the compromise of a target system. According to Ramamurthy et al.
(2011), intrusive actions are extensively scalable for the identification of DOS and DDOS
assaults and are grouped according to the type of attack.

Among these four types of intrusions, denial-of-service (DoS) and distributed denial-of-service
(DDoS) assaults are the most common. They either flood or abuse computer and communication
resources to render the system unusable for authorized users. Significant amounts of data,
money, and resources are lost as a result.

When several systems overwhelm the bandwidth or resources of a targeted system, which
consists of one or more web servers, a distributed denial-of-service (DDoS) assault takes place.
A number of hacked systems inundating the targeted system with traffic is a common cause of
this kind of assault. Distributed Denial of Service attacks are distinct from other types of
assaults in that they aim to harm Internet-connected resources through the use of an effective
attack.

1.3.1. DDOS Attack’s Phases

There are two stages to DDoS attacks (Omkar et al., 2015). The attacker first attempts to get
access to the network's weaker computers. Using compromised hosts from other networks, the
attacker (master) creates his own network and refers to the hosts as slaves. This is termed the
"intrusion phase". After deciding on the victim host or node, the attacker begins directing
packets in the victim's direction. DDoS assaults are unique in that, unlike DoS attacks, they
originate from several dynamic networks that have already been hacked, rather than from one
server or network. This is termed the "DDoS attack phase".

Based on how they operate, DOS and DDOS assaults are often divided into three groups (Ali
et al., 2019). These include attacks that rely on connection usage, attacks that rely on bandwidth
consumption, and attacks that exploit vulnerabilities.

Figure 1.1: SYN Flood Attack

1.3.1.1. Connection Consumption Based Attacks

Transmission Control Protocol (TCP) is a connection-oriented protocol. Prior to data
exchange, it creates a connection between the server and the client. Any server or computer can
accept and process only a finite number of connection requests. In order to prevent authorized
users from using the service offered by the company, the attacker creates a large number of
connections with the server or target computer. These kinds of attacks consume the operating
system kernel resources needed to build a connection. Among the often-utilized attacks that fit
within this category is the SYN Flood attack. The SYN Flood attack, which creates a large number
of partially open TCP connections and depletes the connection pool, is illustrated in Figure 1.1.
Because of the way it operates, slow network connections can be used to slow down a cluster
of servers.
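As an added example (not part of the thesis), the depletion of the connection pool described above can be observed from the defender's side by counting, per destination service, the SYNs whose handshake never completes. The class name, thresholds, timeout and the packet feed (documentation address ranges) are assumptions constructed for illustration.

```python
from collections import Counter


class HalfOpenTracker:
    """Counts server-side half-open TCP connections (SYN seen, handshake not finished)."""

    def __init__(self, backlog_limit=5, syn_timeout=10.0):
        self.backlog_limit = backlog_limit  # assumed alert threshold per service
        self.syn_timeout = syn_timeout      # assumed lifetime of a half-open entry, seconds
        self.pending = {}                   # (src, sport, dst, dport) -> time the SYN arrived
        self.alerting = set()               # services currently above the threshold
        self.alerts = []                    # (time, service, half_open_count)
        self.peak = Counter()               # service -> highest half-open count seen

    def half_open(self, service):
        return sum(1 for k in self.pending if (k[2], k[3]) == service)

    def observe(self, ts, src, sport, dst, dport, flags):
        # Drop entries whose handshake did not complete within the timeout.
        for key in [k for k, t in self.pending.items() if ts - t > self.syn_timeout]:
            del self.pending[key]
        key = (src, sport, dst, dport)
        if flags == "S":                    # client SYN opens a half-open entry
            self.pending.setdefault(key, ts)
        elif flags in ("A", "R"):           # final ACK or RST frees the entry
            self.pending.pop(key, None)
        service = (dst, dport)
        count = self.half_open(service)
        self.peak[service] = max(self.peak[service], count)
        if count > self.backlog_limit and service not in self.alerting:
            self.alerting.add(service)      # alert once per episode
            self.alerts.append((ts, service, count))
        elif count <= self.backlog_limit:
            self.alerting.discard(service)  # re-arm once the pool drains


def constructed_feed():
    """Constructed client-to-server packets: (time, src, sport, dst, dport, flags)."""
    web = ("192.0.2.10", 80)
    feed = [
        (0.00, "198.51.100.5", 40001, *web, "S"), (0.05, "198.51.100.5", 40001, *web, "A"),
        (1.00, "198.51.100.6", 40002, *web, "S"), (1.04, "198.51.100.6", 40002, *web, "A"),
        (2.00, "198.51.100.7", 40003, *web, "S"), (2.30, "198.51.100.7", 40003, *web, "R"),
    ]
    # Twenty SYNs from twenty different sources, none followed by the final ACK.
    feed += [(5.0 + i * 0.1, f"203.0.113.{i + 1}", 50000 + i, *web, "S") for i in range(20)]
    # A normal client returns after the half-open entries have timed out.
    feed += [(60.0, "198.51.100.5", 40010, *web, "S"), (60.05, "198.51.100.5", 40010, *web, "A")]
    return feed


def run(feed, **kwargs):
    tracker = HalfOpenTracker(**kwargs)
    for pkt in feed:
        tracker.observe(*pkt)
    return tracker


if __name__ == "__main__":
    t = run(constructed_feed())
    for ts, service, count in t.alerts:
        print(f"t={ts:.1f}s {service[0]}:{service[1]} half-open={count}")
    print("peak half-open:", dict(t.peak))
```

Counting per destination rather than per source matters here because each of the many attacking hosts contributes only one or a few half-open entries.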

Figure 1.2: Attack depending on bandwidth utilization

1.3.1.2. Bandwidth Consumption Based Attacks

There is a bandwidth limit on every network. The response time of servers and other machines
on the network deteriorates if network traffic exceeds the bandwidth limit of the network. DoS
and DDoS assaults are launched by taking advantage of this bandwidth limit. As seen in
Figure 1.2, the attacker utilizes preconfigured handler computers to manage a large number of
configured zombie computers connected to the internet in order to create a massive flood. The
most popular attack in this category is the UDP flood.

1.3.1.3. Attacks that Exploit Vulnerabilities

The attacker locates and takes advantage of the target system's weaknesses to cause it to
malfunction or operate more slowly. Since the attacker perfectly mimics the behavior of a
legitimate user, these attacks are extremely difficult to detect. Figure 1.3 illustrates how
Slow HTTP Request attacks cause portions of an HTTP header to be delivered to the HTTP server
at a very slow rate, increasing the amount of time needed to serve a single request.

As a result, the resources are used for a longer period of time. In a slow read attack, the attacker
notifies the server of a tiny TCP window size after requesting a huge file from it. In response,
the server reserves resources for an extended period of time and sends data to the client at a
slow rate. A big cluster of servers with machines that have dial-up or sluggish connections may
become slower as a result of such attacks.

Figure 1.3: A sluggish HTTP attack using a vulnerability

Figure 1.4: System for Detecting Intrusions


1.4. System for Detecting Intrusions

Network intrusion detection systems, or IDSs, are a class of security software intended to
automatically notify administrators when hostile activity or policy violations threaten to
breach an information system. It is a defensive mechanism and proactive monitoring system
that guards vital IT infrastructures against harmful activities that could jeopardize vital
applications and sensitive data through cyberattacks. IDS often keep an eye on, gather, and
examine network traffic, user activity, and logs in order to spot unusual activity. When there is
a risk of exposure due to an attack, an IDS can send out an early alarm.

1.4.1. Host-Based IDS (HIDS)

A host-based IDS is an intrusion detection system that watches the network of computers that
it is installed on, analyzes traffic, and logs malicious activity. Additionally, HIDS
provides deep visibility by unambiguously keeping an eye on the systems' vital security.

1.4.2. Network-Based IDS (NIDS)

A network-based intrusion detection system (NIDS) is a tool for monitoring network traffic
that is placed at an intentionally chosen location. It examines subnet traffic and finds
intrusions that match known attacks.

Any activity that deviates from the typical usage patterns or profile will be flagged as an
intrusion by anomaly-based detection. Anomaly detection can identify undiscovered assaults,
but it also has the risk of producing a large number of false alarms.

1.4.3. Obstacles IDS Faces

IDS do not have the necessary incident response capabilities. Rapid remediation can be
challenging to accomplish since, in many organizations, there is a significant gap between the
individuals in charge of monitoring warnings and those in charge of infrastructure management.
A significant issue that IDS encounter is the vast quantity of false positive alerts, in which
regular traffic is incorrectly categorized as a security breach. An ideal IDS does not generate
false or pointless warnings. It was discovered that, in reality, signature-based
intrusion detection systems generate a higher number of false alarms than anticipated. This is a
result of the extremely generic signatures and absence of an internal verification mechanism to
confirm the attack's success (Hung et al., 2013). Remedial action for true positives (i.e.,
successful attacks) is labor-intensive and delayed due to the large number of false positives in
the alert log.

The Intrusion Detection System (IDS) has developed into a potent instrument for spotting
suspected attacks by monitoring harmful activity and sending out notifications. Due to the
nonlinear behavior of the intrusions, network traffic is unpredictable on the system. The security
concept of confidentiality, integrity, and availability is violated by intrusions and/or assaults
such as spoofing, traffic analysis, cyberattacks, and other detrimental weaknesses, which is why
an intrusion detection system (IDS) is required. The Intrusion Detection System (IDS) is
divided into two main categories: anomaly-based and signature-based. Another name for the
signature-based intrusion detection system is a misuse-based detection system. This method
looks for matches in the signatures of the recognized activities and sends out an alert whenever
one is discovered. As a result, these systems have a low false alarm rate and can diagnose
perceived threats. Systems that rely on anomalies are vulnerable to zero-day attacks. This
method looks for patterns and sounds an alert.

Host-Based Intrusion Detection System (HIDS) and Network-Based Intrusion Detection System
(NIDS) are two more subtypes of intrusion detection systems (IDS). The former monitors
individual hosts and raises alarms based on host actions, log files, application logs, and
local host system calls. NIDS, on the other hand, keeps an eye on all network traffic
flowing through the system; if it detects any malicious activity that coincides with known
network assaults, an alarm is triggered and forwarded to the administrator, who may then take
the necessary action. The system's complexity rises as the number of characteristics does.
As a result, the IDS finds it challenging to review the substantial amount of data.

1.5. Methods for Detecting Network Anomalies

Anomaly detection, the search for aberrant or abnormal data in a dataset, is a crucial part of
the data analysis process. Finding interesting and uncommon patterns in data makes it an
intriguing field of data mining research. It is also known as outlier detection, novelty
detection, deviation detection, and exception mining. It has been extensively researched in
the fields of statistics and machine learning. It has seen extensive use in numerous
application domains, including image processing, sensor networks, industrial damage, fraud
detection, public health and medicine, robot behavior, and astronomical data. Figure 1.5 shows
the general structure for anomaly detection.

Because the input data are of diverse types (for instance, IP addresses are hierarchical,
protocols are categorical, and port numbers are numerical), preprocessing is necessary. The
preprocessing method depends on the anomaly detection method used. Next, the data is subjected
to anomaly detection algorithms, which can be broadly divided into two categories: supervised
and unsupervised. The output is reported in one of two forms: labels or scores.
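The pipeline just described, carried through as an added example that is not part of the thesis: heterogeneous flow fields are preprocessed by type, an unsupervised frequency-based scorer is fitted on baseline traffic, and each record receives both a score and a label. The scoring method, the three-sigma threshold, the field names and all records are assumptions constructed for illustration.

```python
import ipaddress
import math
import statistics
from collections import Counter


def preprocess(rec):
    """Turn one heterogeneous flow record into a tuple of discrete features."""
    net = ipaddress.ip_network(f"{rec['src_ip']}/16", strict=False)
    port = rec["dst_port"]
    port_range = "well-known" if port < 1024 else "registered" if port < 49152 else "dynamic"
    return (
        str(net),                          # hierarchical: keep the /16 prefix
        rec["proto"].lower(),              # categorical: used as is
        port_range,                        # numerical: mapped to its port range
        int(math.log2(rec["bytes"] + 1)),  # numerical: log2 size bucket
    )


class RarityModel:
    """Unsupervised scorer: sum of per-feature surprisal against a baseline."""

    def fit(self, baseline):
        rows = [preprocess(r) for r in baseline]
        self.n = len(rows)
        self.counts = [Counter(col) for col in zip(*rows)]
        scores = [self.score(r) for r in baseline]
        # Assumed cut-off: three standard deviations above the baseline mean.
        self.threshold = statistics.mean(scores) + 3 * statistics.pstdev(scores)
        return self

    def score(self, rec):
        total = 0.0
        for counts, value in zip(self.counts, preprocess(rec)):
            # Laplace smoothing leaves probability mass for values never seen before.
            p = (counts[value] + 1) / (self.n + len(counts) + 1)
            total += -math.log2(p)
        return total

    def label(self, rec):
        return "anomaly" if self.score(rec) > self.threshold else "normal"


def constructed_baseline():
    """Constructed 'normal' traffic: HTTPS and DNS flows from two internal /16 networks."""
    return [
        {
            "src_ip": f"10.{1 + i % 2}.0.{i + 1}",
            "proto": "udp" if i % 4 == 0 else "tcp",
            "dst_port": 53 if i % 4 == 0 else 443,
            "bytes": 600 + 20 * i,
        }
        for i in range(40)
    ]


def constructed_probes():
    """Constructed records to score; not taken from any dataset."""
    usual = {"src_ip": "10.1.0.77", "proto": "tcp", "dst_port": 443, "bytes": 900}
    # Assumed benign but previously unseen service: rare, so it is still flagged.
    new_service = {"src_ip": "10.2.0.8", "proto": "tcp", "dst_port": 8080, "bytes": 900}
    odd = {"src_ip": "203.0.113.9", "proto": "udp", "dst_port": 53413, "bytes": 40}
    return usual, new_service, odd


if __name__ == "__main__":
    model = RarityModel().fit(constructed_baseline())
    print(f"threshold {model.threshold:.2f}")
    for rec in constructed_probes():
        print(f"{model.score(rec):6.2f}  {model.label(rec):8}  {rec}")
```

The second probe differs from the baseline only in its destination port and is still labelled an anomaly, which is the false-alarm risk of anomaly-based detection noted in section 1.4.2.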

Figure 1.5: A general structure for network anomaly detection

1.5.1. Problems with Anomaly Detection

Network anomaly identification seems simple, since we only need to identify the data that
deviate from typical behavioral patterns. Notwithstanding the wide range of available
approaches, the research hurdles are as follows (Xiaoling et al., 2018):

• Absence of an anomaly detection method that can be used everywhere; for instance, an
intrusion detection method for a wired network may not be very useful within a wireless mesh.

• Data contains noise, which is challenging to separate because it frequently represents a
genuine anomaly.

• Insufficient tagged data collections are available to the general public for use in detecting
network anomalies.

• Given the dynamic nature of normal activity, it is possible that present intrusion detection
algorithms will become obsolete in the future.

• Because the invaders are already aware of the current procedures, there is a need for more
advanced and novel approaches.

Figure 1.6: Techniques for Classification of Network Anomaly Identification

1.5.2. Classification Of Network Anomaly Identification Methods

Techniques for detecting network anomalies rely on the in-depth expertise of experts. When a
network expert supplies the characteristics, the detection system may identify an assault with
an established pattern as soon as it is initiated. Figure 1.6 illustrates the classification
structure for network anomaly detection techniques, which depends on the type of algorithms
utilized. Establishing a suitable categorization scheme for network anomaly detection systems
and approaches is a challenging task, mainly due to the significant overlap between the
techniques employed in different classes within the specific schemes that are chosen. Four main
classes of methods and systems have been selected. According to Xiaodan et al. (2019), we refer
to them as information theory based, statistical based, clustering and outlier based, and
classification based. These technique classes can be described in more detail in the
subsections below.

1.6. Scope of Study

The IT industry faces a serious security risk from DDoS attacks. By obstructing normal traffic,
hundreds of thousands of vulnerable machines can quickly overwhelm the victims' websites.
DDoS assaults are dangerous, network-based operations that deplete user energy or network
bandwidth. A number of particular security indicators are used to defend against a DDoS
assault. While several academics have put forth strategies to counter distributed
denial-of-service (DDoS) attacks, such as halting the attack, retracing the attack, responding
to the attack, identifying the attack, and characterizing the attack, the likelihood of DDoS
attacks is rising every year. A comprehensive solution for DDoS attacks is required, as opposed
to a specialized one that addresses the past and possible flaws of DDoS attacks. Understanding
every component that can enable hackers to create zombies and conduct a DDoS assault is
necessary in order to construct such a solution. The best solution to this puzzle up to this
point has been disregarded. Although specific signature-based and anomaly-based methods have
been employed in the past to identify DDoS threats, very few of them have concentrated on the
existence of anomalies. Despite having a high detection accuracy and fewer errors, most
detection algorithms lack reliable real-time detection. The definition of known threats was the
main goal of this topic's research in order to give students a better understanding of
denial-of-service attacks.

1.7. Motivation

An essential part of networks is cyber security. A robust network intrusion detection system is
needed to move data from a single system to another without any intrusions. While several
intrusion detection systems (IDS) can identify network intrusions, their efficacy is limited by
factors such as prediction accuracy and detection latency.

The current research study was driven by two factors: (i) the adoption of machine
learning-based intrusion detection systems to detect network intrusions, and (ii) passing
optimized weights through the layers of an artificial neural network (ANN) to shorten the
training time while classifying data as normal or attacked. Even though various intrusion
detection systems are built using machine learning models to identify network intrusions,
those models have constraints during the ANN's training phase. A well-organized technique is
required to improve the weights in artificial neural networks in order to identify intrusions
in the network, taking into account the implementation pain points and obstacles of current
intrusion detection systems.

DDoS threats, also known as distributed denial of service attacks, are among the most popular
network cyberweapons used exclusively for personal gain by anyone in today's world, from
organizations and hackers to irate gamers and thrill-seekers. The threats prevent users from
accessing websites and servers or take them offline completely by using incorporated internet
technologies like zombies as well as servers or Internet of Things bot network infrastructure
that overwhelm users with web traffic. DDOS attacks aim to take network connections offline
on a chosen server or servers until the network's amenities are no longer operational, despite
the fact that their social and personal motivations can differ. DDoS targets range from
individuals to corporate entities and organizational agencies, including stock exchanges, banks,
e-commerce sites, gaming websites, credit agencies, and network service providers.

On the other hand, one can comprehend the losses in terms of money, privacy, or policymaking
if they are able to view this component of the DDOS danger from a corporate or personal
perspective. Although it may appear simpler, these attacks have the potential to cause structural
and intellectual disruption to persons or organizations. It is more important to identify the
remedies in order to counter such attacks. In the same case, solving this problem won't be so
simple without first understanding the many causes or features of DDOS threats. This
circumstance inspired and made it clear how important it is to examine the different kinds of
threats that are connected to denial-of-service attacks. While recognizing the DDOS threat may
be the primary goal of the study, classifying and evaluating the different DDOS threat types are
equally important components of this investigation. By analyzing several aspects of the DDOS
threat, this research produces recommendations that can be used to counteract these threats and
ultimately provide the best potential solution.

However, the security problems associated with its use prevent it from being widely adopted,
even in spite of the advantages in terms of adaptation, cost savings, and support for new
services. Currently, there are no universal methods available for identifying network-based
attacks because the amount of data being generated is growing daily. Certain intrusion detection
systems have been created that can manage data streaming in real time. These systems of
detection are designed to operate in scenarios with a restricted variety of network connections.
Certain methods identify new assaults, but they also take a lot of memory and processing capacity
and have significant false positive rates. As a result, these are inappropriate for networks with
various connection types.

1.8. Organization of the Thesis

• Chapter 1 presented the introduction, the objectives and scope of the research work, and the
challenges and strategies for the detection of anomalies in DDoS attacks. The remaining
thesis is organized as follows.

• Chapter 2 reviews the contributions made by researchers on various Intrusion
Detection Systems (IDS), anomaly detection in networks using supervised and
unsupervised machine learning algorithms, DDoS attack detection using data mining
techniques, and cryptographic scheme-based data securing. The gaps are identified and
the objectives of the research study and motivation are stated.

• Chapter 3 discusses the proposed model of an intrusion detection system using a machine
learning technique, which uses (i) optimized weights in a DLNN to detect the DDoS
attack and (ii) the MCSA-ECC method to store the data in the network.

• Chapter 4 discusses the results obtained: (i) the Optimized Deep Learning Neural
Network (ODLNN) classifies data as normal or attacked to detect the DDoS attack, evaluated
with a confusion matrix; (ii) performance metrics are compared to evaluate the performance
of the ODLNN; and (iii) performance parameters are used to predict the accuracy of the DDoS
detection.

• Chapter 5 discusses the interpretation of the algorithm results and compares the present
results with the state-of-the-art methods.

• Chapter 6 summarizes the findings of the study and how the study fills the gap, and discusses
the benefits of application and future enhancements.

1.9.

Chapter-02

Literature Review

2.1. Preamble

Network safety procedures are set up to safeguard information, facilitate regulatory compliance,
preserve consumer privacy, and establish standards for user and device authentication. Network
security has emerged as a key concern for many internet users and experts as the need for
network systems rises. Thus, it is essential to provide an efficient intrusion detection system in
order to safeguard the network data.

A system that detects intrusions assists in identifying needless data alterations made by hostile
attackers in computer system files (Liao et al., 2013). A network system's intrusion detection
system can be used to identify a variety of attacks, the most common of which is the Distributed
Denial of Service attack, which has the potential to undermine the network system's security
and credibility. Such assaults result in server-based attacks such as privilege violation and
unauthorised logins, as well as vulnerabilities in network services and data driven alteration by
applications. By monitoring system activity and categorising it as either regular or anomalous,
a system based on anomaly detection can identify computer and network intrusions as well as
misuse. The primary difficulty in anomaly detection lies in choosing the right classification and
detection strategy to minimise false positives and boost accuracy.

In contrast to other techniques utilised in detecting network intrusions, anomaly-based intrusion
detection systems (IDS) that incorporate intelligent classification methods for the detection
of distributed denial-of-service (DDoS) attacks have been shown to be successful at intrusion
detection, despite the fact that many methods have been put forward in the literature on
security in networks in recent years. This chapter offers a thorough analysis of the literature
on anomaly-based intrusion detection systems for denial-of-service attacks, along with
pertinent debates.

2.2. Literature Review

Distributed denial of service (DDoS) assaults are becoming a more serious danger to
organizations and governmental institutions, according to Sheeraz Ahmed et al. (2023). They
hurt company branding, restrict access to information and services, and hurt online companies.
Because they mimic real users, attackers deploy application layer DDoS attacks, which are
difficult to identify. We analyze the properties of incoming packets, such as the size of HTTP
frame packets, the number of Internet Protocol (IP) addresses sent, port mappings that are
constant, and the number of IP addresses utilizing proxy IP, in order to combat unique
application layer DDoS attacks in this study. Using standard datasets, the CTU-13 dataset, real
weblogs (dataset) from our organization, and experimentally constructed datasets from DDoS
attack tools (Slow Lairs, Hulk, Golden Eyes, and Xerex), we examined client behavior in public
attacks. Metrics-based attack detection is assessed using a deep learning method called a
multilayer perceptron (MLP). The suggested MLP classification system has a 98.99% detection
efficiency for DDoS attacks, according to simulation findings. In comparison to conventional
classifiers such as Naïve Bayes, Decision Stump, Logistic Model Tree, Naïve Bayes
Updateable, Naïve Bayes Multinomial Text, AdaBoostM1, Attribute Selected Classifier,
Iterative Classifier, and OneR, our suggested technique yielded the lowest value of false
positives, at 2.11%.

Distributed denial of service (DDoS) assaults are a serious cybersecurity threat to computer
networks, according to Mohammad Najafimehr et al. (2023). Creating a strong defence against
these attacks is essential, but difficult because of the variety of attack methods, heterogeneity
of networks and computing platforms, and intricate communication protocols. Furthermore, the
development of novel DDoS attack techniques poses a serious risk to the effectiveness of
current defences. Numerous machine learning approaches have demonstrated potential in
identifying DDoS assaults with high detection rates and low false-positive rates. This survey
study provides a thorough taxonomy of machine learning-based techniques for identifying
DDoS attacks, as well as an analysis of the associated difficulties and a discussion of supervised,
unsupervised, and hybrid approaches. In addition, we examine pertinent datasets, stressing their
advantages and disadvantages, and suggest avenues for future study to fill up the gaps in this
field. The purpose of this paper is to give readers a thorough grasp of DDoS attack detection
mechanisms so that academics and practitioners can create cybersecurity defences against these
types of attacks. Because DDoS attacks are multifaceted and a serious threat to computer
networks, this research is crucial because several machine learning algorithms have
demonstrated promise in identifying them. Among its ramifications are insights that can guide
the creation of strong defences against DDoS attacks.

Mahmood A. Al-Shareeda et al. (2023): Distributed denial of service (DDoS) assaults pose a
severe danger to internet security. A distributed denial-of-service (DDoS) attack aims to stop legitimate
users from utilizing a service by sending a massive number of messages or requests to the
central server, overloading it to the point of failure. This attack is dangerous because it relies
on a large number of bots that are controlled (infected) by a single botmaster using a fictitious
IP address. It also requires little effort or extra tools. This paper will go over some machine
learning (ML) and deep learning (DL) strategies for detecting and assessing DDoS attacks. To
help decide when to employ which of these techniques, this study also compares and analyzes
the important differences between ML and DL techniques.

İsa Avcı et al. (2023): The Internet of Things (IoT) in smart buildings is expanding at a rapid
rate, which makes it necessary to continuously assess potential dangers and their consequences.
Innovative solutions are required since traditional techniques are becoming less and less
effective at assessing risk and reducing related hazards. IoT cybersecurity solutions are essential
for many facets of daily life, not just Building Management System (BMS) applications.
Botnets used to perform Distributed Denial of Service (DDoS) assaults against key
BMS software can seriously jeopardize assets and user safety. In this research, we offer a novel
technique that combines the support vector machine (SVM) algorithm, an artificial neural
network (ANN) predictor, and the Slime Mould Optimization technique (SMOA) for feature
selection. In the context of BMS, our improved algorithm estimates DDoS attack risk variables
with an exceptional accuracy of 97.44%. It also demonstrates an astounding 99.19% accuracy
rate in anticipating DDoS attacks, thereby averting system interruptions, and handling cyber
threats. We do a comparative analysis with the K-Nearest Neighbour Classifier (KNN), which
produces an accuracy rate of 96.46%, in order to further validate our work. The Canadian
Institute for Cybersecurity (CIC) IoT Dataset 2022 is used to train our model, which allows for
behavioural analysis and vulnerability testing on a variety of IoT devices using several
protocols, including IEEE 802.11, Zigbee-based, and Z-Wave.

In comparison to traditional networks, software-defined networking, or SDN, offers
programmability, manageability, flexibility, and efficiency (Naziya Aslam et al., 2024). These
result from the control and data planes of an SDN being separated or operating independently
of one another. The centralized structure of SDN and the decoupling of two planes improve
defence against DDoS attacks by making it simpler to set network device regulations. The
controller's global network view is responsible for its capacity to filter network traffic and
identify harmful flows. Although the separation of the control and data planes had many
advantages, it also presented a new difficulty because of its vulnerability to DDoS attacks. One
of the biggest risks to SDN is DDoS attacks, in which the attacker interferes with ordinary users'
services. When it comes to detecting DDoS attacks, machine learning (ML) and deep learning
(DL) have proven to be superior to statistical or policy-based approaches. A comprehensive
taxonomy of DDoS defence systems has been developed by us. 132 of the 260 research articles
that we surveyed focused on ML- and/or DL-based methods for detecting DDoS attacks in
SDN. We go over the previous studies that have used feature selection algorithms on the dataset
to identify the most useful and ideal attributes for DDoS attack detection. We showcase the
characteristics of many publicly accessible DDoS datasets. Additionally, we make the case that
feature selection techniques should be used after SDN-specific datasets have been created in
order to improve DDoS attack detection. In conclusion, we outline the research issues related
to SDN security that may aid future studies and the creation of fresh approaches to SDN
security.

Distributed Denial of Service Attacks are currently the most dangerous cyber threat, according
to Kimmi Kumari et al. (2022). The impacted server slows down its resources, such as bandwidth
and buffer size, by making it more difficult for it to serve legitimate clients. This work proposes
a mathematical model for distributed denial-of-service attacks. To identify assaults and typical
situations, machine learning algorithms like Logistic Regression and Naive Bayes are
employed. The experimental study makes use of the CAIDA 2007 Dataset. This dataset is used
to test and train machine learning algorithms, and the results validate the learned algorithms.
The Weka data mining platform is employed in this investigation, and the outcomes are
analyzed and contrasted. The current study is contrasted with alternative machine learning
methods utilized in relation to denial-of-service attacks.

Sharmin Aktar et al. (2023): Various network assaults have been on the rise lately as a result of
the cyber world's widespread use and expansion. One of the most serious dangers to the
Internet today is the distributed denial-of-service (DDoS) assault, in which the attacker
bombards the target system with enormous volumes of packets in an attempt to prevent
authorized users from accessing online services. To protect against these threats, accurate attack
detection measurement is essential. In order to identify abnormalities, a contractive
autoencoder-based deep learning model is proposed in this research. Using the compacted
representation of the input data, we train our model to identify the typical traffic pattern. To
identify the attack, we subsequently employ a stochastic threshold technique. CIC-IDS2017,
NSL-KDD, and CIC-DDoS2019 are three well-known intrusion detection system datasets that
were used in the evaluation process. To demonstrate the effectiveness of our model, we have
compared the outcomes with those of a simple autoencoder and various deep learning
techniques. Our findings show that the suggested method successfully detected intrusions on
the CIC-DDoS2019 dataset, with an accuracy ranging from 93.41% to 97.58%. Furthermore,
using the NSL-KDD and CIC-IDS2017 datasets, it obtained accuracy rates of 96.08% and
92.45%, respectively.

Software-defined networking (SDN), according to Bahashwan AA et al. (2023), is a
groundbreaking advancement in network technology with a number of appealing advantages, such as
flexibility and manageability. Notwithstanding these benefits, distributed denial of service
(DDoS) attacks can compromise SDN, and because of the damage they can cause to the SDN
network, they pose a serious risk. Even with a variety of security techniques, DDoS attack
detection is still an open research problem. In order to methodically examine and critically
evaluate the current DDoS attack strategies based on machine learning (ML), deep learning
(DL), or hybrid approaches published between 2014 and 2022, this study offers a systematic
literature review (SLR). To thoroughly cover pertinent studies, we used eight internet databases
and a predetermined SLR technique, which we followed in two steps. Seventy studies are
recognized as definite primary research after two steps of automatic and manual searching. The
trend suggests that over the past few years, there has been a significant increase in the number
of studies on SDN DDoS attacks. The investigation revealed that single, hybrid, and ensemble
ML-DL are the main methods used in the detection techniques now in use. To test those
methodologies, private generated datasets are most commonly utilized, followed by unrealistic
datasets. Furthermore, the review makes the case that further attention is needed to address the
unresolved problems and unanswered questions raised in this SLR because of the paucity of
available material.

According to Devrim Akgun et al. (2022), when communicating across a network, data is
subject to several threats. Finding network communication intrusions is becoming more and
more important. Researchers create efficient intrusion detection systems by using machine
learning techniques. In this work, we suggested an intrusion detection system that detects DDoS
attacks using a deep learning model and preprocessing steps. In order to do this, a number of
models built on Long Short-Term Memory (LSTM), Convolutional Neural Networks (CNN),
and Deep Neural Networks (DNN) have been assessed for real-time and detection performance.
We used the CIC-DDoS2019 dataset, which is widely used in the literature, to test the proposed
model. We applied preprocessing methods to the CIC-DDoS2019 dataset, such as feature removal,
random subset selection, feature selection, duplication removal, and normalization. Better
recognition performance was thus attained for the testing and training assessments. The CNN-
based inception-like model produced the best results among the suggested models, with 99.99%
for binary and 99.30% for multiclass accuracy, according to the test findings. In addition, the
suggested model's inference time appears promising for different test data sizes when compared
to baseline models with fewer trainable parameters. When compared to state-of-the-art
investigations, the suggested IDS system and the preprocessing techniques yield superior
results.

Sidra Abbas et al. (2024): The Internet of Things (IoT) is a rapidly emerging technology that has
great promise for addressing various societal issues. It is expected to play a major role in the
future. The ability to control and monitor physical items via the Internet forms the basis of the
Internet of Things. Because more aspects of the IoT network architecture can be accessed
online, it is more susceptible to attackers and hackers. The intricacy of cyberattacks has
increased, making both public and private sector entities more vulnerable. They damage
company branding, jeopardize Internet operations, and impose restrictions on data and facility
access. Because machine learning (ML) and deep learning (DL) have so much potential across
a wide range of fields, businesses and academics are thinking about utilizing them to prevent
cyberattacks. A number of deep learning techniques are applied to extract different patterns
from numerous annotated datasets. When it comes to identifying cyberattacks, DL is a useful
technique. Thus, it is now more important than ever to separate and detect network data early
in order to mitigate intrusions. The study uses a variety of deep-learning model types, such as
recurrent neural networks (RNNs), convolutional neural networks (CNNs), and deep neural
networks (DNNs), to detect cyberattacks on various network traffic streams. The effectiveness
of the suggested strategy is evaluated using the CICDIoT2023 dataset from the Canadian
Institute for Cybersecurity. Data preprocessing, reliable scalar and label encoding methods for
categorical variables, and deep learning models for model prediction are all included in the
suggested approach. The results of the experiment show that the RNN model had the highest
accuracy, at 96.56%. According to the test results, the suggested strategy for spotting
cyberattacks in a real-world Internet of Things environment is more effective than alternative
approaches.

Meenakshi Mittal et al. (2022): Technology is becoming an essential aspect of living in the
modern world. In actuality, everything has moved from offline to online during the Covid-19
pandemic, including businesses and educational institutions. As a result, attacks and incursions
using Internet-based technology proliferate exponentially. The Distributed Denial of Service
(DDoS) assault is a deadly danger that can quickly bring down Internet-based services and
applications. Because the attackers are always changing their skill techniques, they manage to
avoid detection by the current systems. The amount of data created and stored has multiplied,
making it impossible for conventional detection techniques to identify new DDoS attacks. In
order to detect DDoS, this study thoroughly explores the important literature, particularly in the
field of deep learning. For the purpose of looking for contemporary literature, the writers have
investigated four widely used digital libraries (IEEE, ACM, ScienceDirect, and Springer) as
well as one academic search engine (Google Scholar). After a thorough analysis of pertinent
literature, the results of the SLR were divided into five main research areas: (i) the various deep
learning approaches for detecting DDoS attacks; (ii) the approaches, advantages, and
disadvantages of these approaches; (iii) benchmarked datasets and attack classes in the datasets
used in the literature; and (iv) the preprocessing strategies, hyperparameter values, experimental
setups, and performance metrics used in the literature.

There are further difficulties with distributed cloud computing and its reliance on internet
access, according to Marram Amitha et al. (2023). As per the cloud service providers, these
assets provide a great deal of flexibility and may be accessed via the Internet utilizing
commonly used formats, protocols, and needs for networking. Assaults that seriously damage
the cloud and reduce its performance are common, and include distributed denial of service
assaults. Firewalls and other conventional methods of detection are not effective in identifying
internal threats. Because of the growing volume of data generated and stored, attackers
regularly alter their skill schemes, making it difficult for traditional detection tools to spot new
DDoS attacks. Artificial neural networks of the radial basis function (RBF) type are frequently
employed for problems involving function approximation, pattern recognition, and
classification. They are not commonly employed directly within convolutional neural networks
(CNNs) for DDoS (Distributed Denial of Service) detection, despite their use in a variety of
domains. In order to improve the overall security of cloud computing infrastructures, this
research provides a hybrid model of Radial Basis Function (RBF) and LSTM networks-based
technique for DDoS attack detection and mitigation. The efficacy of our suggested approach in
detecting DDoS attacks and lessening their effects on cloud systems is assessed using the
benchmark dataset CICDDoS2019.

According to Li Xinlong et al. (2022), a Distributed Denial of Service (DDoS) attack happens
when a network or server receives a high volume of traffic directed at it from hundreds,
thousands, or even millions of other computers with the intention of crashing the system and
interfering with its operation. These kinds of attacks are frequently used to momentarily stop
websites or applications. It is frequently necessary to use models that can handle the time
information present in network traffic flows to solve such issues. Using any dependencies
between the various components of a data stream, we employ a Hybrid Deep Learning
technique in this study to detect fraudulent web traffic in the form of DDoS attacks, managing
the web flow of information reaching a server. A novel and state-of-the-art hybrid Hierarchical
Temporal Memory (HTM) model has been put forth. This model's functioning is mostly based
on the neocortex, a region of the cerebral cortex. The perception of senses, language
understanding, and motor control are among the basic brain activities that are controlled by the
neocortex. An LSTM shell is added to the hybrid implementation in order to enable it to encode
time sequences that include incoming data.

Rao, G. S. et al. (2023): DoS attacks are a serious problem for network security. Computer
networks and the internet are indispensable to our day-to-day activities and enterprises. Harmful
acts have increased in tandem with our reliance on technology and communication networks.
Modern communication is plagued by network dangers. Network traffic flow needs to be
monitored for malicious behavior and attacks in order to keep networks operating
efficiently and users' data secure. Attacks known as denial-of-service (DoS) are designed to
take down a website, web service, or network server. DDoS and DoS attacks can target
computer networks and services. Maybe the easiest DDoS attack is flooding. DDoS attacks
send enormous volumes of pointless data to a site or network. The goal of the study is to secure
the network, preserve service continuity, and fortify network infrastructures against various
attacks. Attacks known as denial-of-service (DoS) block the access and usage of information
systems and resources by authorized users. Figure B illustrates DoS/DDoS assaults with UDP,
ICMP, and the more common TCP flood attacks. These strikes need to be identified right away
and terminated. During COVID-19, schools and businesses went online. Traditional Machine
Learning-based DoS/DDoS attack detection techniques are ineffective due to the massive
amount of data that is generated and kept. SVM, MLP, and LSTM algorithms are used in this
work for deep learning. The Deep Learning model that has been suggested can differentiate
between network attack activity and regular traffic by learning and constructing binary and
multiclass classification models. We search traffic patterns and data for anomalies and attack
signals. Our deep learning model is thoroughly and precisely examined. During detection, the
system looks for routine network data or attacks. This model finds things 97% of the time with
the use of the MLP Algorithm. Performance comparison of the proposed system is done using
LSVM ML classification. The topic of this essay is traffic behavior. Traffic filtering was also
used in this investigation to get rid of suspicious or attack-signature traffic. Next, we used rate-
limiting to restrict traffic coming from designated sources and places. Network packet data is
captured for analysis and repair using Linux Sniffer and Python SCAPY. The analysis and
mitigation of packet capture using Scapy and Wireshark were compared. The study looks at how to prevent
network DoS/DDoS attacks. These methods identify and counteract flood-related denial-of-
service attacks to maintain network security and system functionality. You have to constantly
research and create new strategies in order to stay on top of DoS attacks and the threat
landscape.

Tennakoon C. et al. (2022): Distributed denial of service (DDoS) attacks are a significant danger
in the field of cybersecurity because they can interfere with legitimate users' access to online
services, thereby affecting their availability. The potential financial ramifications of such
attacks are enormous, as the high availability of internet services is essential to their operation.
Due to attackers' ability to constantly innovate and uncover flaws in intrusion detection models
or mitigation measures, the intensity of DDoS attacks is on the rise. The history of DDoS attacks
shows that the attackers initially targeted the network and transport layers of the OSI model.
However, more recent history in the cybersecurity field demonstrates that the attack momentum
has shifted toward the application layer of the OSI model, which makes it difficult to distinguish
between malicious and benign traffic, making application-layer DDoS attack defence a complex
task. Any DDoS detection technique must aim for high accuracy with high DDoS classification
recall in order to maintain the system's dependability and credibility. This research proposes a
deep learning strategy for application-layer DDoS detection using deep neural networks for
attack categorization and autoencoders for feature selection. The most attractive elements from
the packet flows are extracted, and the result is a popular benchmark dataset called CIC DoS
2017. The suggested model has the highest accuracy rate among the literature that has been
evaluated thus far, achieving 99.83% accuracy with a detection rate of 99.84% while retaining
a false-negative rate of 0.17%.

According to Wei Guo et al. (2022), the first line of defence against distributed denial of service
(DDoS) attacks, which are the most prevalent type of hack against infrastructure, is detection.
To increase categorization performance, the present DDoS detection mostly leverages machine
learning and deep learning techniques, either combined or improved. Topological connection
changes are not taken into account when training classifiers, as most of them rely solely on
statistical flow features. This one-sidedness reduces the accuracy of detection and makes it
impossible to distribute attack sources for the deployment of defences. In this work, we propose
a topological and flow feature-based deep learning method (GLD-Net) that utilizes graph
attention network (GAT) to mine correlations between non-Euclidean features to fuse flow and
topological features while simultaneously extracting flow and topological features from time-
series flow data. The node neighbourhood relationship is obtained by the long short-term
memory (LSTM) network connected behind GAT, and feature dimension reduction and traffic
type mapping are accomplished by using the fully connected layer. The GLD-Net method's
detection accuracy for two classifications (normal and DDoS flow) and three classifications
(normal, rapid DDoS flow, and slow DDoS flow) is 0.993 and 0.942, respectively, according to
experiments conducted on the NSL-KDD2009 and CIC-IDS2017 datasets. Its average
improvement over the current DDoS attack detection systems is 0.11 and 0.081, respectively.
Furthermore, the attack source distribution can be inferred based on the correlation coefficient,
which varies from 0.7 to 0.83 between the attack flow detection accuracy and the four source
distribution indicators. Notably, we are the first to apply graph-style neural networks to combine
topology and flow data and accomplish high-performance DDoS attack intrusion detection. The
development of network security solutions in other sectors and related research will be
significantly impacted by the findings of this study.

Najafimehr, M. et al. (2022): Distributed Denial of Service (DDoS) assaults are becoming a
more frequent danger to computer networks, where service availability is essential. A popular
and promising method for detecting DDoS attacks that produces good results for known attacks
is machine learning (ML). They nearly never identify malicious traffic that is unknown to them,
though. In this research, a novel approach that combines supervised and unsupervised
algorithms is proposed. Using a number of flow-based criteria, a clustering algorithm first
distinguishes the abnormal traffic from the regular data. The clusters are then labelled using a
classification algorithm and specific statistical criteria. We assess the suggested approach using
a big data processing framework by testing on an alternative set of assaults from the more recent
CICDDoS2019 dataset and training on the CICIDS2017 dataset. The outcomes show that, in
comparison to the ML classification methods, our method's Positive Likelihood Ratio (LR+) is
almost 198% greater.

Distributed denial-of-service assaults, or DDoS attacks, are among the most prevalent types of
network attacks that occur nowadays (Jiangtao Pei et al., 2019). As computer and
communication technology advance quickly, the damage caused by DDoS attacks is becoming
increasingly severe. As a result, the study of DDoS attack detection gains significance. These
days, some relevant study has been conducted and advancements have been achieved. However,
as of yet, there hasn't been a detection technique with adequate detection accuracy because of
the variety of DDoS attack tactics and the fluctuating volume of attack traffic. In light of this,
this research suggests a machine learning-based DDoS assault detection strategy that consists
of two steps: feature extraction and model detection. Comparing the data packages categorized
using rules allows for the extraction of a significant amount of the characteristics of DDoS
attack traffic during the feature extraction stage. During the model detection phase, the attack
detection model is trained using the random forest technique using the extracted features as
machine learning input features. The experimental findings demonstrate that the machine
learning-based DDoS attack detection method that has been developed has a good detection
rate for the most common DDoS attacks at the moment.

According to Tariq Emad Ali et al. (2023), recent developments in security techniques have
greatly improved the capacity to recognize and counteract threats and attacks in any kind of
network infrastructure, including software-defined networks (SDNs), and shield internet
security architectures from a range of dangers. Among the most widely used methods for
thwarting distributed denial-of-service (DDoS) assaults on any sort of network are machine
learning (ML) and deep learning (DL). This systematic review's goals are to find, assess, and
talk about recent developments in ML/DL-based DDoS attack detection techniques for SDN
networks. In order to accomplish our goal, we carried out a systematic review in which we
searched for papers that, between 2018 and the start of November 2022, employed ML/DL
techniques to detect DDoS attacks in SDN networks. We have made considerable use of one
academic search engine (Google Scholar) and other digital libraries (including IEEE, ACM,
Springer, and other digital libraries) to search the contemporary literature. The relevant
literature has been examined, and the SLR results have been grouped into five categories: (i)
the various DDoS attack detection methods in ML/DL approaches; (ii) the approaches,
advantages, and disadvantages of the DDoS attack detection ML/DL approaches currently in
use; (iii) benchmarked datasets and classes of attacks in datasets used in the literature; (iv) the
preprocessing strategies, hyperparameter values, experimental setups, and performance metrics
used in the literature; and (v) promising future directions and research gaps.

Hailye Tekleselassie (2021): This study offers a revolutionary mixed learning approach for
creating a fresh DDoS model that takes advantage of deep learning's flexible and extensible
properties. This technique can improve DDoS detection issues and present practices. For DDoS
detection, a deep learning and knowledge-graph categorization algorithm is coupled. While a
classifier model is created using a deep learning algorithm, the knowledge-graph system allows
for the model's flexibility and expansion. Ten-fold cross validation is used to analytically verify
it using the CICIDS2017 dataset, which has 53,127 complete occurrences. The results of the
experiment show that, following connecting, 99.97% of performance is recorded. It's interesting
to see that fundamental DDoS detection and prevention techniques differ in key knowledge
ironic learning. Therefore, it is advised that security experts integrate DDoS detection into their
network and internet.

Firas Mohammed Aswad et al. (2023): The Internet of Things (IoT) has become increasingly
important and helpful to daily life in many ways due to the current era's rapid rise in informatics
systems technology. The availability of several devices that serve as IoT enablers, such as
smartwatches, smartphones, security cameras, and smart sensors, has led to an increase in the
popularity of IoT applications compared to earlier times. However, distributed denial-of-service
(DDoS) assaults are one of the challenges brought on by the unsecured nature of IoT devices.
IoT systems' disreputability features, such as dynamic communication between IoT devices,
provide a number of security challenges. The devices' limited resources, namely their
processing units and data storage, led to the dynamic communications. A lot of work has been
done lately to create intelligent models that can defend IoT networks from DDoS attacks. The
primary area of continuing study is creating a model that can detect legal traffic and prevent
false alarms by safeguarding the network against different types of DDoS attacks. In order to
create a bidirectional CNN-BiLSTM DDoS detection model, this study suggests merging three
deep learning algorithms: convolutional neural network (CNN), long short-term memory
(LSTM)-RNN, and recurrent neural network (RNN). In order to identify the most efficient
model against DDoS attacks that can precisely detect and discriminate DDoS from legal traffic,
the RNN, CNN, LSTM, and CNN-BiLSTM are tested and put into practice. To achieve more
realistic detection, the intrusion detection assessment dataset (CICIDS2017) is employed. The
CICIDS2017 dataset closely resembles real-world Packet Capture data and contains benign and
current instances of common threats. A confusion matrix is used to test and evaluate the four
models in relation to four widely-used criteria: F-measure, accuracy, precision, and recall. With
the exception of the CNN model, which achieves an accuracy of 98.82%, the models perform
quite effectively, obtaining an accuracy rate of about 99.00%. With a precision of 98.90% and
accuracy of 99.76%, the CNN-BiLSTM performs best.
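
The evaluation criteria that recur in the studies reviewed above (accuracy, precision, recall,
F-measure, false-positive rate and the Positive Likelihood Ratio, LR+) all derive from a single
confusion matrix. The following is an added example, not code from any of the surveyed papers:
it computes them for a simple per-source rate-threshold flood detector over constructed request
records. The detector, the window and threshold values, and the source names are assumptions.

```python
"""Score a per-source rate-threshold flood detector with confusion-matrix metrics."""
from collections import Counter

WINDOW_SECONDS = 10   # assumed aggregation window
THRESHOLD = 100       # assumed maximum requests per source per window


def build_constructed_sample():
    """Return (events, truth). events: (timestamp, source) request records.
    truth: source -> True if it is an attacker. Every value here is constructed."""
    profiles = (
        # (source name prefix, number of sources, requests per window, is_attack)
        ("user", 90, 12, False),   # ordinary clients
        ("nat", 2, 150, False),    # busy shared gateways: benign but high volume
        ("flood", 6, 900, True),   # volumetric attackers
        ("slow", 2, 20, True),     # low-rate attackers that mimic real users
    )
    events, truth = [], {}
    for prefix, count, rate, is_attack in profiles:
        for i in range(count):
            src = f"{prefix}-{i}"
            truth[src] = is_attack
            # Spread this source's requests evenly inside the first window.
            events.extend((n * WINDOW_SECONDS / rate, src) for n in range(rate))
    return events, truth


def detect(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Flag every source whose request count in any window exceeds the threshold."""
    per_window = Counter((src, int(ts // window)) for ts, src in events)
    return {src for (src, _), n in per_window.items() if n > threshold}


def confusion(flagged, truth):
    """Return (tp, fp, tn, fn) with 'attack' as the positive class."""
    tp = fp = tn = fn = 0
    for src, is_attack in truth.items():
        if src in flagged:
            if is_attack:
                tp += 1
            else:
                fp += 1
        elif is_attack:
            fn += 1
        else:
            tn += 1
    return tp, fp, tn, fn


def metrics(tp, fp, tn, fn):
    """Derive the evaluation criteria from one confusion matrix."""
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0          # detection rate
    fpr = fp / (fp + tn) if fp + tn else 0.0             # false-positive rate
    f_measure = (2 * precision * recall / (precision + recall)
                 if precision + recall else 0.0)
    return {
        "accuracy": (tp + tn) / (tp + fp + tn + fn),
        "precision": precision,
        "recall": recall,
        "f_measure": f_measure,
        "false_positive_rate": fpr,
        # LR+ = recall / false-positive rate; undefined when no benign source is flagged.
        "lr_plus": recall / fpr if fpr else None,
    }


def evaluate():
    """Score the threshold detector and a baseline that never raises an alert."""
    events, truth = build_constructed_sample()
    detector = metrics(*confusion(detect(events), truth))
    never_alerts = metrics(*confusion(set(), truth))
    return detector, never_alerts


if __name__ == "__main__":
    for name, result in zip(("threshold detector", "never alerts"), evaluate()):
        print(name, result)
```

On this constructed sample the threshold detector reaches 96% accuracy while missing a quarter of
the attacking sources, and a detector that never alerts still reaches 92%, which is why recall,
false-positive rate and LR+ are reported alongside accuracy on imbalanced traffic.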

According to Mouli Prasad J et al. (2023), Distributed Denial of Service (DDoS) attacks involve
an attacker flooding a server or network with traffic from several sources, the majority of which
are compromised devices. Sensitive data could be lost and a lot of bandwidth could be wasted
by these attacks. Consequently, the significance of precisely and effectively identifying DDoS
attacks has grown in the past few years. Prior research has examined DDoS detection as a binary
classification problem, aiming to determine whether or not a given packet of network traffic is
indicative of a DDoS attack. Therefore, in order to effectively counter a DDoS attack, it is
imperative to know which kind of attack is being targeted. A unique strategy to overcome this
issue turns the detection problem into a multilabel classification via the use of an ensemble
classifier. The suggested Ensemble Classifier combines the best algorithms from various AI and
ML approaches. This technique is effective in recognizing different DDoS attacks and
classifying them into relevant groups. The multilabel classification method offers a more
thorough and precise detection mechanism by concurrently identifying the existence of
numerous attack types. When compared to other AI and ML algorithms, the Ensemble Classifier
performs better than the other algorithms in terms of accuracy and efficiency, demonstrating
the success of the suggested strategy. The suggested method may efficiently identify different
kinds of such attacks and increase detection accuracy by employing the top-performing
algorithms. DDoS assaults must be detected and prevented because they have the potential to
seriously harm networks and companies. Because the proposed Ensemble Classifier approach
merges state-of-the-art algorithms and converts the detection problem into a multilabel
classification, it provides a practical and efficient means of identifying different types of DDoS
attacks.

According to Wadee Alhalabi et al. (2023), as intelligent information systems have proliferated,
so too has the threat posed by distributed denial of service (DDoS) attacks. Conventional DDoS
detection approaches are insufficient for the Internet of Things due to the vast number of linked
devices, continuously changing network conditions, and the requirement for immediate
response. In light of this, the study's objective is to review the state of the art in the field by
reading pertinent publications from the Scopus database. It also provides a brief overview of
DDoS and the Internet of Things while examining neural networks and how they might be used
for DDoS detection. Ultimately, a model based on decision trees is created to identify DDoS
attacks. The analysis identifies areas for future research and throws light on current problems
and trends in this subject.

According to Amrish, R. et al. (2022), a cyberattack known as a Distributed Denial of Service (DDoS) assault
aims to overwhelm a targeted server in order to stop normal traffic on that server. Instead of
serving real users, the DDoS-attacked server is kept busy processing requests from the bots.
These attacks are becoming more frequent and difficult to identify. This research uses a machine
learning technique to distinguish between DDoS attack traffic and regular traffic. Four methods
for machine learning classification are used to identify DDoS attacks. The Canadian Institute
of Cyber Security's CICDDoS2019 dataset is used to test and train machine learning algorithms.
The results produced by the Artificial Neural Network (ANN) outperform those of KNN,
Decision Tree, and Random Forest.

According to Anjali M et al. (2023), network assaults are a serious security risk in the modern
world because of how quickly technology and the internet are developing. DoS assaults are
sophisticated and challenging to defend against. Because DDoS attacks have the potential to
cause major disruptions, they are considerably more dangerous. They are especially difficult
since they can swiftly and suddenly destroy a victim's computer or communication capabilities.
DDoS attacks are a dynamic threat that is becoming harder to identify and successfully counter.
To address this menace, we have studied numerous methodologies and methods on a DDoS
attack dataset that is specific to SDNs. By applying a variety of algorithms, such as Decision
Trees, Support Vector Machine, Naive Bayes, K-Nearest Neighbour, Multilayer Perceptron,
Quadratic Discriminant, Stochastic Gradient Descent (SGD), Logistic Regression, XGBoost,
and deep learning techniques like Deep Neural Networks (DNN), machine learning has
improved DDoS detection. Accuracy criteria have been used in a thorough comparison analysis
of various algorithms to assess their performance.

According to Dhairya Lunkad et al. (2020), Distributed Denial of Service (DDoS) attacks pose
a serious threat to businesses that have integrated their technology with public networks. These
attacks enable multiple attackers to access data or provide services to large corporations or
nations. The attacks impair the availability of Web services for an indefinite amount of time,
flooding the company's servers with fraudulent requests while denying requests from legitimate
users. This results in financial losses due to unavailable rendered services. With the selected
attributes, various machine learning models, like Naive Bayes, SVM, and proposed methods
based on Naive Bayes, are developed for efficient detection of DDoS attacks. Accordingly, the
aim of this paper is to demonstrate a prototype process for detecting DDoS attacks using a
supervised learning model based on Support Vector Machines (SVM), which captures network traffic,
filters HTTP headers, normalizes the data on the basis of the operational variables: rate of false
positives, rate of false negatives, and rate of classification. The information is then sent to
corresponding training and testing sets. Subsequently, our experimental findings demonstrate
that fuzzy c-means clustering improves attack identification accuracy.

In this study, Muhammad Rusyaidi et al. (2023) conduct a systematic literature review on the
use of machine learning techniques in the detection of distributed denial of service (DDoS)
attacks. A number of pertinent research articles were chosen, and their evaluation was
predicated on how well they demonstrated the application of machine learning techniques. The
researchers are focusing on the analysis, synthesis, and evaluation of several machine learning
techniques for DDoS attack detection. Thus, the goal of this research is to assess several
machine learning techniques for DDoS attack detection in computer networks. The Deep Neural
Network (DNN) and Long Short-Term Memory (LSTM) technique, the Multiple Linear
Regression method, the Recurrent Neural Network (RNN) with Autoencoder, the Deep
learning-based method, and the LSTM with Singular Value Decomposition (SVD) method are
the five categories into which these mechanisms are classified. In addition, the research
methodology, parameters, and metrics are discussed, along with a number of unresolved
research issues. Summaries of findings and gaps in implementing a predictable machine
learning model were also examined and contrasted. Therefore, it is anticipated that the paper
will help scholars and researchers provide a workable solution for the machine learning
described above in DDoS assault detection.

According to Tejaswini Ulemale (2022), the digitalization of today's world has led to a sharp rise in computer
technology and computer networks. As more and more work transitions to an online mode,
several kinds of attacks are being carried out as a result of the increased network connectivity.
Distributed Denial of Service (DDoS) attacks are among the most potent and hazardous, and
they are a serious problem in computer networks. Using DDoS, the attacker targets the server
in an attempt to impede regular traffic. Distributed denial of service is one of the subclasses of
denial-of-service attacks. Thus, a great deal of study has been done to counteract DDoS attacks.
A prominent method for preventing denial-of-service attacks involves machine learning and
deep learning. Detecting DDoS attacks is the primary goal.

2.3. Gaps in Literature

Based on the review of literature, the following gaps have been identified:

• Prediction accuracy is relatively low and computation time is high in existing
classification techniques.

• Training time is long due to the back-propagation technique in existing neural
network algorithms.

• A sophisticated approach is required that finds the
attack precisely and classifies the data as normal or attacked.

2.4. Objectives of the Research

It is necessary to address the problems associated with Distributed Denial of Service (DDOS)
assaults in light of the study that has already been done on the subject and its limitations. The
primary goals of the research are:

• To detect DDoS attacks in networks with deep-learning neural networks that employ weight
optimisation, by sorting and filtering network information and utilising the machine learning
algorithm to identify anomalous patterns.
• To identify a hybrid optimisation method capable of optimising weight value to shorten
training times and boost classification precision.
• To compare an optimised algorithm to the privacy level of the regular data.

Chapter-03
Methods & Materials

3.1. Background

On the basis of the literature gaps and the objectives set for the current research, an IDS technique using
the DLNN method is examined. The current chapter focuses on developing
an algorithm based on DLNN, its various phases, and its advantages. The following
sections describe these stages in detail.

3.2. Technique of Intrusion Detection

worldwide network of computers connected by various media via the internet, a common
protocol. Among many other crucial facets of modern life, people rely on internet access for
their enjoyment, commerce, socialisation, and education. Clearly, the greatest change in
computer and communication history has been brought about by the Internet. The hazards
associated with web threats are numerous and include financial losses, theft of identity, loss of
private data or information, theft of network assets, harm to one's reputation and brand, and a
decline in customer trust in online banking and e-commerce. The majority of security issues are
different from their previous counterparts in non-Network infrastructures because data and
business logic are housed on a remote Network server that is not subject to transparent
oversight. The Distributed Denial of Service (DDoS) assault is one such type of attack that has been
exhibiting increasingly aggressive and threatening intrusive behaviour against internet systems.
DDoS attackers typically target a server or collection of machines that is offering the service to
its customers. Attackers using denial-of-service (DoS) attempt to overload an active server with
so many outstanding requests that it overflows the service queue and the service is rendered
unavailable (Parivindar et al., 2016).

DDoS attacks can be launched from hacked systems utilised by government agencies,
educational institutions, and residential buildings. We refer to these systems as bots. Typically,
DDoS attacks originate at the network layer through the flooding of UDP, SYN, or ICMP
packets. Application layer DDoS occurs when an attacker switches to the application layer and
floods HTTP GET requests after an unsuccessful network layer attack. According to Amit et
al. (2018), DDoS attacks can be conducted via TCP SYN flood, UDP flood, DNS reflection,
HTTP flood, or ICMP flood. Information security reports indicate that DDoS
assaults have resulted in major financial losses for governments and industries globally in recent
times. On the other hand, by taking advantage of the processing power and geographic dispersion
made possible by the large variety of objects and their varied mobility patterns, typically
rooted in an IoT network scenario, attackers employ increasingly sophisticated strategies to
intensify attacks and overwhelm the victims. As a result, a useful and effective DDoS detection
technique is required.

One security measure that primarily operates at the network layer of an Internet of Things
system is an intrusion detection system (IDS). When an IDS is implemented for an IoT system,
it ought to be able to analyse data packets and provide real-time responses, analyse data packets
in various IoT network layers with various protocol stacks, and adjust to various IoT
environment technologies. IDSs are intended for Internet of Things (IoT)-based smart settings,
where they must function in harsh situations with limited processing power, quick reaction
times, and large volumes of data processing. As a result, traditional IDSs might not be
completely appropriate for IOT environments. IOT security is a persistent and significant
problem, so it's important to stay current on knowledge of IOT system security flaws and to
develop solutions for mitigation (Faisal et al., 2020). In network-based IOT data, security plays
a crucial role in guaranteeing that client data is stored in a secure manner. Thus, network
security is crucial for both individual and corporate users. Everyone desires to understand that
firms have a legal duty to protect customer data, and that specific industries have stricter
regulations regarding data storage.

Numerous problems with network computing safety include multitenancy, data loss and
leakage, network accessibility, identity management, unsafe APIs, inconsistent service level
agreements, patch management, and internal threats. Certain security measures are absent from
traditional simple cryptographic algorithms, making them insufficiently scalable, incompatible,
and effective (Varun et al., 2020). In order to safeguard the network against denial-of-service
assaults, an intrusion detection system that incorporates an encryption technique has been
suggested.

3.3. Proposed Model of IDS For DDoS Attack Detection

A complex model built on top of DLNN that distinguishes between normal and attacked data
in a network is used to identify DDoS attacks in networks. This model uses
optimised weights in the hidden layers. Below is a description of the suggested model.

Fig. Proposed Graphic Model for Detecting DDoS Attack

Table Features of NSL Data set


A DDoS volumetric attack is among the most harmful types of malicious traffic that occurs on
the internet. The goal of this volumetric attack is to overwhelm the victim's computer resources
or nearby network links by coordinating the sending of a large volume of pointless data at a
rapid rate. The suggested system combines a secure encryption strategy, which is based on MCSA-ECC, with an
ODLNN-based intrusion detection system for DDoS attack detection. There are training and
testing steps for this system. The NSL-KDD dataset is pre-processed during the training phase,
including data normalization, data nominalization, and the replacement of missing
attributes. To determine if the data is normal or attacked, the suggested classification is
applied during the training phase. In the testing phase, preprocessing and classification are the steps of the
process, much like in the training phase. If the sensitive information is normal, it can then be
encrypted using the MCSA-ECC technique and kept on a network to further protect it from
attackers. In the future, the network's data will be decrypted and used if there is a requirement
for the encrypted true data. If not, the compromised data is kept on the network as a record of
the incident to help identify future attacks. The NSL-KDD data set comprises 41 features
that are classified as either normal or attacked. Three categories of attribute value types
nominal, ordinal are used to classify each feature.

There are two stages to the suggested system's implementation: the training phase and the
testing phase. In both phases, features are treated as normal or attacked.

3.3.1. Phase of Training

The NSL-KDD data set is analyzed for DDoS detection during the training phase. First,
Data Nominalization, Missing Attribute Replacement, and Data Normalization are used to
preprocess the data set. Finally, ODLNN is used to classify the data as normal or attacked.
The steps involved in detecting or classifying DDoS attacks are described in
detail below.

3.3.2. Preprocessing

Preparing the data for the categorization process is known as pre-processing. It is the procedure
for transforming data into a form that a computer can comprehend. The removal of pointless
data is a common pre-processing method. It is also a kind of data mining technology wherein
unprocessed data is converted into a comprehensible format. Real-world data is prone to
numerous inaccuracies and is frequently insufficient, inconsistent, or lacking specific
information on certain behaviors or trends. Pre-processing data is a tried-and-true way to fix
problems like these. Preparing raw data for additional processing is called data pre-processing.
It is utilized in rule-based systems (like neural networks) and database-driven applications (like
customer relationship management and medical documentation) (Vivek et al., 2015). The
purpose of the data preliminary processing phase is to reduce the feature size and, hence, the
learning algorithm's computational complexity. The suggested method consists of three phases
for preprocessing the dataset: (i) data normalization, (ii) replacing missing characteristics, and
(iii) data nominalization.

3.4. Weight Optimization of DNN Based on CMDFA

The algorithm for the optimization of weights in the DNN based on CMDFA can be stated as follows:

Input : Weight values for DNN

Output : Optimized weight values

1. Begin

2. Initialize dragonfly population M = (M1, M2, …, ME, …, MH)

3. Initialize step vectors

4. While the stopping criterion is not met

5. Compute the fitness function of every dragonfly

6. Initialize the weights D, S, T, A & H for every dragonfly

7. Update velocity & position of the dragonflies by computing Di, Si, Ai, Ti & Hi

8. Compute neighbourhood distances

9. If a dragonfly has at least one dragonfly in its neighbourhood

10. Update position & velocity by executing mutation & crossover

11. Else

12. Update position & velocity vector by executing a Levy walk

13. End if

14. Check and correct the updated positions on the basis of the variable boundaries

15. End While

16. End

3.5. Conversion of Data

Strings are converted to numbers in this stage. The strings are individually altered to represent
the numerical value; for instance, the string "a" is modified to represent "1." In a similar vein,
numbers are assigned to every alphabetic letter.

3.6. Replacement of Missing Value

It is quite common for there to be missing values in our collection. Values that are missing must
be taken into account regardless of the reason: corrupted data, incomplete data collection, failure
to load the details, or possibly a data validation criterion. One of the hardest things for analysts
to deal with is missing values, because only addressing them correctly produces reliable data models.
The missing values can be handled in a few different ways.

3.7. Elimination of Rows

In some situations, it's a straightforward and successful tactic. When handling null values, this
technique is frequently employed. Here, we either remove a specific row if the value for a given
feature is a null, or we remove a specific column if the missing values exceed 70–75%. A feature
can also be removed if the majority of its values are absent. This approach should only be used
when the data set has a sufficient number of samples. It is important to ensure that bias has not
been added after the data has been erased. Eliminating the data will result in information loss,
which will prevent the output prediction from working as planned. Fully eliminating missing
values from the data produces a strong, incredibly accurate model. It is preferable to remove a
specific row or column that has no specific information because its value is low. The drawbacks are data and
information loss, and poor performance when the proportion of missing values in the dataset is
considerable (let's say 30%).

3.8. Prediction of Missing Values

The features that don't have any missing values can be used to predict the missing values using
machine learning algorithms. This approach could lead to increased precision, unless a large
deviation is anticipated for a missing number. So long as the deviation from the identical value
is less than the bias from the omitted variable, imputing the variable that is absent is an
improvement. It provides objective approximations of the model's parameters. When a categorical
variable is employed with a partial conditioning set, bias might also result.

Gender is an example of a categorical feature that has a set number of possible values. We can
choose a different class for the absent values because they have a set number of classes. This
tactic will increase the amount of data in the dataset, changing the variance. They are
categorical, thus in order for the algorithm to grasp them, we must apply one-hot encoding
to translate them to a numeric form.

3.9. Replacement & Estimation of Missing Values

Simple interpolation techniques are employed to fill in the missing values if just a respectable
portion of the data are absent. Nonetheless, the most popular approach to handling missing data
is to substitute them with the corresponding attribute's mean, median, mode, lowest, maximum,
or average value. This tactic can be used with a feature that contains numerical data. This
approximation may introduce variation into the set of data. However, this strategy produces
better results than removing rows and columns, negating the loss of data. Using the three
approximations mentioned above as a substitute is a statistical method of dealing with missing
values. In our work, we arrange the values of each feature in ascending order, take the centre
value, and use this median to replace missing values. Typically, the formula (3.1) is used
to determine the median value.

$$E_a = \sum (D_a\, P_a\, C_a) \tag{3.1}$$

3.10. Normalization of Data

When two attributes are utilized that have different scales, normalization is usually necessary
to prevent an equally significant attribute's usefulness from being diminished by another
attribute whose values are on a bigger scale. An attribute's values can be scaled using
normalization to fall inside a narrower range, like -1.0 to 1.0 or 0.0 to 1.0. In general,
classification algorithms benefit from it. Put another way, when there are several characteristics
yet the values of those attributes are on distinct scales, this could result in subpar data models
when data mining is done. In order to put all the qualities on the same scale, they are normalized.
Dhishant et al. (2016) describe three strategies for data normalization:

3.10.1. Method of Decimal Scaling

It moves the data's decimal point values to normalize it. Using this method, we divide each data
value by the highest absolute value of the data to normalize the data. The following formula is
used to normalize the data value $d_i$ to $d_i'$:

$$d_i' = \frac{d_i}{10^{j}} \tag{3.2}$$

where $j$ is the smallest integer such that $\max(|d_i'|) < 1$.

3.10.2. Normalization through Z-score

Values are standardized using this technique based on the mean and standard deviation of the
data $D$. The following formula is applied:

$$d' = \frac{d - \bar{D}}{\sigma_d} \tag{3.3}$$

Here $d'$ and $d$ denote the new and old values, and $\bar{D}$ and $\sigma_d$ stand for the mean and
standard deviation of $D$, respectively.

3.10.3. Normalization through Min-Max Method

In this work, min-max normalization is used. The original data is transformed linearly in this
data normalization procedure. The relationships between the original data values are maintained. An error
known as an "out-of-bound error" will occur if the input values ever fall outside the range used
for normalization. The data's minimum and maximum values are retrieved, and each value is changed
using the formula below:

$$d' = \left[\frac{d - \min(D)}{\max(D) - \min(D)} \times \big(\mathrm{newmax}(D) - \mathrm{newmin}(D)\big)\right] + \mathrm{newmin}(D) \tag{3.4}$$

where $D$ represents the attribute data, $\min(D)$ and $\max(D)$ denote the lowest and highest absolute
values of $D$, respectively, and $d'$ and $d$ denote the new and old values of the attribute.
$\mathrm{newmax}(D)$ and $\mathrm{newmin}(D)$ represent the maximum and minimum values of the range, i.e., the
required boundary values of the range.
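
The three preprocessing steps of Sections 3.5, 3.9 and 3.10.3 (string-to-number conversion, median replacement, min-max normalization) chained on NSL-KDD-style records, as an added example rather than code from the thesis. The sample records, the `Preprocessor` class, the code 0 for strings unseen in training, and the report-and-clip handling of out-of-bound values are assumptions made for illustration.

```python
from statistics import median, median_low

# Constructed sample records in NSL-KDD style (not taken from the data set).
# Columns: duration, protocol_type, service, flag, src_bytes, count.
# None marks a missing value.
TRAIN = [
    [0, "tcp", "http", "SF", 215, 1],
    [0, "udp", "domain_u", "SF", 44, None],
    [2, "tcp", "smtp", "SF", None, 3],
    [0, "tcp", "private", "S0", 0, 255],
    [0, "icmp", "ecr_i", "SF", 1032, 511],
]
NOMINAL_COLS = (1, 2, 3)  # columns that hold strings


class Preprocessor:
    """Fit on training records, then apply the same mapping to new records."""

    def __init__(self, nominal_cols, new_min=0.0, new_max=1.0):
        self.nominal_cols = set(nominal_cols)
        self.new_min, self.new_max = new_min, new_max
        self.codes = {}    # column -> {string value: integer code}
        self.medians = {}  # column -> median of the observed values
        self.bounds = {}   # column -> (min(D), max(D)) seen in training

    def encode(self, col, value):
        """Section 3.5: replace a string by its number; 0 = unseen in training."""
        if value is None or col not in self.nominal_cols:
            return value
        return self.codes[col].get(value, 0)

    def fit(self, rows):
        for col in self.nominal_cols:
            seen = sorted({r[col] for r in rows if r[col] is not None})
            self.codes[col] = {s: i + 1 for i, s in enumerate(seen)}
        for col in range(len(rows[0])):
            present = [self.encode(col, r[col]) for r in rows if r[col] is not None]
            # Section 3.9: median of the observed values; median_low keeps the
            # fill value of a nominal column on a code that really exists.
            pick = median_low if col in self.nominal_cols else median
            self.medians[col] = pick(present)
            self.bounds[col] = (min(present), max(present))
        return self

    def transform(self, row):
        """Return (normalised vector, columns that were out of bound)."""
        vector, out_of_bound = [], []
        for col, raw in enumerate(row):
            value = self.encode(col, raw)
            if value is None:
                value = self.medians[col]
            lo, hi = self.bounds[col]
            if not lo <= value <= hi:
                # The "out-of-bound" case of min-max: report the column and
                # clip, so the classifier never sees a value outside the range.
                out_of_bound.append(col)
                value = min(max(value, lo), hi)
            scaled = 0.0 if hi == lo else (value - lo) / (hi - lo)
            vector.append(scaled * (self.new_max - self.new_min) + self.new_min)
        return vector, out_of_bound


if __name__ == "__main__":
    pre = Preprocessor(NOMINAL_COLS).fit(TRAIN)
    # Constructed test record: unseen service, src_bytes far above the training maximum.
    print(pre.transform([0, "tcp", "telnet", "S0", 5000, 511]))
```

Fitting on the training split only and reusing the stored codes, medians and bounds on the test split keeps test-time statistics out of the model; the list of out-of-bound columns is worth logging, since traffic far outside the training range is itself a signal.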

3.11. ODLNN based Data Classification

Data is classified into normal and attacked categories using an Optimized Deep Learning Neural
Network (ODLNN) once redundant values have been removed. A classifier is the mathematical
function, implemented by a classification algorithm, that assigns a particular label or category to
incoming data. Through the use of artificial intelligence (AI),
machine learning gives a system the capacity to learn on its own and get better with each
experience without being explicitly programmed. It also emphasizes the creation of computer
programs that can access data and acquire self-learning capabilities.
Four categories apply to machine learning algorithms (Mohmoud et al., 2020). These include
reinforcement learning algorithms, unsupervised machine learning, semi-supervised machine
learning, and supervised machine learning.

3.11.1. Supervised Machine Learning

By evaluating the training set of data and generating an inferred function that can be used for
mapping fresh examples, supervised machine learning learns a
function that maps an input to an outcome using input-output pairings. Regression and
classification are the two main procedures in supervised machine learning.

3.11.2. Unsupervised Machine Learning

Unsupervised learning is a kind of self-organized learning algorithm that assists in identifying
patterns in a data set that were previously unidentified and that did not have labels. In other
words, it extrapolates conclusions from datasets that contain input data without tagged answers.
To explain the data, unsupervised learning uses dimensionality reduction and clustering.

3.11.3. Semi Supervised Machine Learning

A substantial amount of unlabelled data is used in training together with a modest amount of
labelled data in a semi-supervised learning strategy that blends supervised and unsupervised
learning. In semi-supervised learning, data assets are identified through a classification process,
and they are grouped into various classes using clustering.

3.11.4. Reinforced Machine Learning

Reinforcement learning is a form of dynamic programming that produces actions in response to its
surroundings and learns from them to identify mistakes or rewards. The two aspects of
reinforcement learning that are most pertinent are trial-and-error search and delayed reward.

3.12. Neural Networks

Neural networks are computer models that are used to estimate functions that are typically
unknown. They are inspired by biological brain networks. Artificial neurons, interconnected
components or nodes that loosely resemble the neurons in a human brain, are the
foundation of neural networks (NNs). Every link is comparable to a synapse in a living brain,
which is responsible for sending signals to other neurons. An artificial neuron receives,
interprets, and relays signals to other neurons via its connections. We refer to the links as edges.
Generally, the weights of neurons and edges change during the learning process. The signal
strength at a connection is influenced by the weight. It is possible for neurons to have a
threshold, such that a signal is only sent when the total signal exceeds it. Neurons are
generally grouped into layers. It is possible for different layers to alter their inputs in different
ways. Signals may pass through the layers more than once before arriving at the last layer,
which is the output layer, from the first layer, which is the input layer. Feed Forward, Feed
Backward, Radial Basis Function, Recurrent, Modular, Sequence-to-Sequence Model, and so
on are the different types of Neural Networks.

3.12.1. Optimized Deep Learning Neural Networks

A family of artificial intelligence machine learning techniques known as "deep learning" makes
use of many layers to dynamically extract higher-level features from unprocessed data. This
particular piece of AI technology is reliant on artificial neural networks that have real learning
capabilities. Classification algorithms like Deep Learning Neural Network have gained
popularity. Its capacity to learn and simulate complicated, non-linear relationships is crucial
since many relationships among both inputs and outcomes in real life are complex and non-
linear. In contrast to all other prediction algorithms, DLNN does not place any limitations on
the input variables. The following are the general layers of a deep learning neural network: The
input layer is where the neural network first obtains data. The Hidden Layer is the intermediary
layer wherein artificial neurons receive a collection of inputs that are weighted and use an
activation function to generate an output. The output layer generates the output for the supplied
inputs. For the purpose of effectively classifying normal data and attacked data, the suggested
work modifies DLNN by hybridizing the Crossover as well as Mutation of Dragon Fly
Algorithm (CMDFA). ODLNN is the suggested attack detection method as a result.

Fig. DLNN Representation

Each input is given to different nodes in the classifier. The values that are arbitrarily assigned
and associated with each input are known as weights. The hidden layer is the one that follows.
We refer to the nodes in this tier as hidden nodes. These nodes combine
the input value with the weight vector of each connected input node.
The weight values of DLNN (Talha et al., 2018) are optimized using the CMDFA; the result is
known as ODLNN. Arbitrary weight values require
more back-propagation to achieve the desired result. Thus, the suggested technique implements optimization. The
result of the current layer is then transferred to the next layer by applying the
activation function.

3.12.2. Optimization of Weight Through CMDFA

The CMDFA technique is used to optimize the weight values in the DLNN classification
algorithm. This means that even from a smaller population, there is a greater chance of
selecting the optimal values. Dragonfly swarm behavior, both dynamic and static, serves as the
inspiration for the DF algorithm. The DF imitates the idealized dragonfly's hunting and
migrating habits. The dragonflies use a hunting strategy known as static swarming, or feeding,
in which they fly in small flocks over a limited region in search of food sources. The term
"dynamic swarm" (migratory) refers to the migration mechanism. During this phase, the swarm
migrates as the dragonflies fly in bigger numbers in a single direction. According to Yassnnie
et al. (2020), DA is divided into two phases: exploitation, which is motivated by dynamic
swarming activity, and exploration, which is inspired by static swarming behavior. Five distinct
behaviors (distraction, attraction, cohesion, separation, and alignment) are used to simulate the
swarming behavior of dragonflies. Figure 3.3 shows the above actions of the dragonflies. If
there is at least a single dragonfly in the neighbourhood, then all of the individuals involved
in the current iteration of the dragonfly optimization algorithm perform the crossover and
mutation procedures to obtain better outcomes.

Fig. DFA Representation
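
The listing in Section 3.4 and the description in Section 3.12.2, written out as an added example that is not the thesis's implementation: a dragonfly search with crossover and mutation tunes the weights of a small 3-2-1 network on constructed, already normalised records. The coefficient values, the growing Euclidean neighbourhood radius, the crossover and mutation operators, the Levy parameters, the network size and all function names are assumptions, since the page does not specify them.

```python
import math
import random

# Constructed, already normalised records: (features, label), label 1 = attacked.
DATA = [
    ([0.02, 0.10, 0.05], 0), ([0.05, 0.20, 0.01], 0), ([0.10, 0.15, 0.08], 0),
    ([0.90, 0.95, 0.80], 1), ([0.85, 0.70, 0.99], 1), ([0.95, 0.88, 0.90], 1),
]
N_IN, N_HID = 3, 2
DIM = N_HID * (N_IN + 1) + N_HID + 1   # hidden weights + biases, output weights + bias
BETA = 1.5                             # Levy exponent (assumed value)
SIGMA = (math.gamma(1 + BETA) * math.sin(math.pi * BETA / 2)
         / (math.gamma((1 + BETA) / 2) * BETA * 2 ** ((BETA - 1) / 2))) ** (1 / BETA)


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))


def predict(w, x):
    """Forward pass of a 3-2-1 network whose weights are the flat vector w."""
    hidden = []
    for h in range(N_HID):
        base = h * (N_IN + 1)
        z = sum(w[base + i] * x[i] for i in range(N_IN)) + w[base + N_IN]
        hidden.append(sigmoid(z))
    base = N_HID * (N_IN + 1)
    return sigmoid(sum(w[base + h] * hidden[h] for h in range(N_HID)) + w[base + N_HID])


def fitness(w):
    """Step 5: mean squared error over DATA; lower is better."""
    return sum((predict(w, x) - y) ** 2 for x, y in DATA) / len(DATA)


def levy(rng):
    """Step 12: one Levy-walk step factor."""
    return 0.01 * rng.random() * SIGMA / max(rng.random(), 1e-12) ** (1 / BETA)


def cmdfa(n_agents=12, iters=60, bound=5.0, seed=7):
    """Return (best weights, best fitness at start, best fitness at end)."""
    rng = random.Random(seed)
    pos = [[rng.uniform(-bound, bound) for _ in range(DIM)] for _ in range(n_agents)]
    vel = [[0.0] * DIM for _ in range(n_agents)]       # step vectors (step 3)
    fit = [fitness(p) for p in pos]
    start_fit = food_fit = min(fit)
    food = pos[fit.index(food_fit)][:]                 # best position found so far
    v_max = bound / 5                                  # cap on the step size
    for t in range(iters):
        enemy = pos[fit.index(max(fit))][:]            # worst position this round
        radius = bound / 2 + 4 * bound * t / iters     # neighbourhood grows over time
        nxt = []
        for i, x in enumerate(pos):
            nbrs = [j for j in range(n_agents)
                    if j != i and math.dist(x, pos[j]) <= radius]   # step 8
            if nbrs:                                                # steps 7, 9, 10
                cand = []
                for d in range(DIM):
                    sep = -sum(x[d] - pos[j][d] for j in nbrs)             # separation
                    ali = sum(vel[j][d] for j in nbrs) / len(nbrs)         # alignment
                    coh = sum(pos[j][d] for j in nbrs) / len(nbrs) - x[d]  # cohesion
                    att = food[d] - x[d]                                   # attraction
                    dis = enemy[d] + x[d]                                  # distraction
                    v = (0.1 * sep + 0.1 * ali + 0.7 * coh + att
                         + 0.05 * dis + 0.5 * vel[i][d])
                    vel[i][d] = max(-v_max, min(v_max, v))
                    cand.append(x[d] + vel[i][d])
                # Uniform crossover with the best position, then Gaussian mutation.
                cand = [food[d] if rng.random() < 0.5 else c for d, c in enumerate(cand)]
                cand = [c + rng.gauss(0.0, 0.3) if rng.random() < 0.1 else c for c in cand]
            else:                                                   # steps 11, 12
                vel[i] = [0.0] * DIM
                cand = [c + levy(rng) * c for c in x]
            nxt.append([min(bound, max(-bound, c)) for c in cand])  # step 14
        pos = nxt
        fit = [fitness(p) for p in pos]
        if min(fit) < food_fit:                        # keep the best weights seen
            food_fit = min(fit)
            food = pos[fit.index(food_fit)][:]
    return food, start_fit, food_fit


def classify(w, x):
    return "attacked" if predict(w, x) >= 0.5 else "normal"


if __name__ == "__main__":
    weights, before, after = cmdfa()
    print(f"best MSE: {before:.4f} -> {after:.4f}")
    print([classify(weights, x) for x, _ in DATA])
```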


Chapter-04
Data Analysis & Interpretation

4.1. Results from Observation

The security of virtual networks, chips, computer networks, and mobile phones has drawn a lot
of attention in recent years. A lot of emphasis has been paid to computer network security as a
crucial medium for information sharing. The issue of distributed denial of service (DDOS)
attacks in computer network security has not been resolved for a long time. One common kind
of network attack is DDoS.

This attack overwhelms the victim's bandwidth with traffic from several attackers, rendering internet services
inaccessible. As more and more companies move their operations online, distributed denial-of-service
(DDoS) assaults have resulted in large financial losses. Reports indicate that DDoS
assaults have been occurring more frequently in the past few months.

It uses up server resources and takes up unnecessary space, making it impossible for regular
users to use the regular services offered by the host that is being targeted. Detecting Distributed
Denial of Service (DDOS) assaults efficiently and promptly is therefore a critical issue for
network monitoring. The goals of security and privacy play a significant role in the commercial
implementation of network-based data.

An effective intrusion detection system based on HDFS and privacy preservation has been
proposed to achieve security and detect the DDOS attack. This chapter describes the testing and
demonstration that was done for the suggested process to demonstrate its accuracy in
identifying network attacks and protecting actual user data.

4.2. Programming Background

The suggested system is implemented on the Java platform. Because of its enhanced features,
this platform is able to handle difficulties related to efficiency, accuracy, and security.
Java is a potent language with a collection of packages that take care of all user
requirements. A package called "remote method invocation" contains a number of classes and
interfaces that are used to link network nodes. There are various kinds of nodes in the network
that require communication with the server. The package provides an interface with a method
detection feature that may be used with the suggested technique.

4.3. Description of Database

The NSL-KDD dataset is the database used for the development of DDoS attack detection. It is
the most recent version of the KDDcup99 dataset and is superior to it in a few ways: some of
KDDcup99's intrinsic issues have been resolved. KDDcup99 is regarded as the industry-standard
benchmark for intrusion detection evaluation. The NSL-KDD training dataset is comparable to the
KDDcup99 dataset, which consists of approximately 4,900,000 single connection vectors with 41
features each, each labeled as either normal or an attack, with exactly one specific attack type.

4.4. ODLNN Centred Attack Detection System Implementation for DDoS Attack Detection

The anticipated results of the suggested method take into account various characteristics,
including security level, memory utilization during encryption and decryption, precision, recall,
F-score, accuracy, and encryption and decryption times. The suggested Deep Learning
Modified Neural Network (DLMNN) is evaluated against the current Artificial Neural Network
(ANN) to determine which is more efficient in terms of precision, recall, F-score, and accuracy.
The suggested Modified Crow Search Algorithm (MCSA) is used to assess the additional
parameters, including encryption and decryption times, security levels, and memory utilization.

4.5. Performance Related Metrics

Precision, recall, F-score, accuracy, encryption time, decryption time, security level, and
memory usage for encryption and decryption are among the parameters used for the performance
analysis of the ODLNN-based intrusion detection system for DDoS attack detection and of the
secure encryption scheme. Each of these criteria is explained in detail below:

• Precision- It is the extent to which repeated measurements made in the same settings
yield consistent results.

$$\text{Precision} = \frac{TP}{TP + FP} \tag{4.1}$$

• Recall- It is the percentage of positive patterns that the classifier correctly detects.

$$\text{Recall} = \frac{TP}{TP + FN} \tag{4.2}$$

• F-Score- It is a metric that combines recall and precision.

$$\text{F-Score} = 2 \cdot \frac{\text{Precision} \cdot \text{Recall}}{\text{Precision} + \text{Recall}}$$

• Time of Encryption- The entire encrypted plaintext in bytes is divided by the period
of encryption to determine the total encryption time of the records.

$$C(t) = \frac{E(p(s))}{T(e(s))}$$

where C(t) is the sum of the time in bytes that the records were encrypted, E(p(s)) is decrypted
plain text, and T(e(s)) is the time needed to encrypt every record.

4.6. Comparative analysis of performance metrics evaluation

Metrics including encryption time, precision, recall, F-score, and accuracy are used to compare
and assess the effectiveness of DDoS attack detection using the ODLNN-based approach with a
secure encryption technique.

The evaluation is conducted by varying the number of sensor nodes from 1000 to 5000. The
algorithms are run and examined for each of the designated node counts (1000, 2500, 3500, 4500,
and 5000). The values obtained and the corresponding figures are listed below.

Table 4.1 Precision Comparison amongst proposed ODLNN & existing ANN

| Number of Nodes | Existing ANN (%) | Proposed ODLNN (%) |
|---|---|---|
| 1000 | 90.4 | 92.4 |
| 2500 | 91.6 | 93.6 |
| 3500 | 94.4 | 95.6 |
| 4500 | 94.4 | 95.3 |
| 5000 | 95.4 | 96.4 |

Table 4.1 shows the precision values obtained for different numbers of nodes. For 1000 nodes,
the existing ANN yields 90.4 and the proposed ODLNN yields 92.4. For 2500 nodes, the proposed
ODLNN and the existing ANN yield 93.6 and 91.6, respectively. The existing ANN algorithm then
yields values of 94.4, 94.4, and 95.4 for 3500, 4500, and 5000 nodes, respectively, and the
proposed ODLNN-based approach yields, in that order, 95.6, 95.3, and 96.4. This demonstrates
that the precision values produced by the proposed method are higher than those of the existing
methodology. Figure 4.1 shows the graphical representation of accuracy values.

Fig. Precision Representation Through Graph

Table 4.2 Recall Comparison amongst proposed ODLNN & existing ANN

| Number of Nodes | Existing ANN (%) | Proposed ODLNN (%) |
|---|---|---|
| 1000 | 91.2 | 93.1 |
| 2500 | 91.8 | 93.5 |
| 3500 | 91.2 | 93.2 |
| 4500 | 92.9 | 94.7 |
| 5000 | 96.8 | 96.9 |

Table 4.2 shows the recall values achieved for different numbers of nodes. For 1000 nodes, the
existing ANN yields 91.2 while the proposed ODLNN yields 93.1. For 2500 nodes, the proposed
ODLNN and the existing ANN yield 93.5 and 91.8, respectively. The existing ANN algorithm then
yields values of 91.2, 92.9, and 96.8 for 3500, 4500, and 5000 nodes, respectively, and the
proposed ODLNN-based approach yields, in that order, 93.2, 94.7, and 96.9. This demonstrates
that the recall values achieved by the proposed method are higher than those of the existing
methods. Figure 4.2 shows a graphical depiction of recall levels.

Fig. Recall Representation Through Graph

Table 4.3 F-Score Comparison amongst proposed ODLNN & existing ANN

| Number of Nodes | Existing ANN (%) | Proposed ODLNN (%) |
|---|---|---|
| 1000 | 91.2 | 93.2 |
| 2500 | 92.1 | 93.5 |
| 3500 | 92.4 | 94.8 |
| 4500 | 94.7 | 96.1 |
| 5000 | 96.8 | 97.5 |

Table 4.3 shows the F-score values derived for different numbers of nodes. For 1000 nodes, the
existing ANN yields 91.2 and the proposed ODLNN yields 93.2. For 2500 nodes, the proposed
ODLNN and the existing ANN produce values of 93.5 and 92.1, respectively. The existing ANN
algorithm then yields values of 92.4, 94.7, and 96.8 for 3500, 4500, and 5000 nodes,
respectively, and the proposed ODLNN-based approach yields, in that order, 94.8, 96.1, and 97.5.
This demonstrates that the F-score values achieved by the proposed method are higher than those
of the existing methodology. Figure 4.3 shows the graphical depiction of F-Measure values.

Fig. F-Score Representation Through Graph

Table 4.4 Accuracy Comparison amongst proposed ODLNN & existing ANN

| Number of Nodes | Existing ANN (%) | Proposed ODLNN (%) |
|---|---|---|
| 1000 | 82.3 | 85.5 |
| 2500 | 86.2 | 88.9 |
| 3500 | 86.9 | 91.8 |
| 4500 | 89.8 | 92.4 |
| 5000 | 92.9 | 93.8 |

The system's accuracy is shown in Table 4.4. For 1000 nodes, the existing ANN achieves 82.3
and the suggested ODLNN achieves 85.5. The current ANN generates 86.2 and 86.9 for 2500 and
3500 nodes, respectively. The suggested ODLNN scores are, respectively, 88.9 and 91.4. The
suggested ODLNN yields 89.8 and 92.9 for 4500 and 5000 nodes. Similarly, the values obtained
with the current ANN approach are 92.4 and 93.8. As a result, it demonstrates that the suggested
method's accuracy is higher than that of the current methodology. Figure 4.4 shows the accuracy
metric in a graphical format.

Fig. F-Score Representation Through Graph
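
Equations (4.1) and (4.2) and the F-score formula of Section 4.5 allow a cross-check of Tables 4.1 to 4.3, because an F-score can never exceed the arithmetic mean of the precision and recall it is built from. The following is an added example, not code from the thesis: it computes the metrics from confusion counts and audits the tabulated values. The class and function names and the 0.1 rounding tolerance are assumptions.

```python
from dataclasses import dataclass

# Values transcribed from Tables 4.1-4.3 of this chapter:
# model -> number of nodes -> (precision %, recall %, reported F-score %).
REPORTED = {
    "ANN": {
        1000: (90.4, 91.2, 91.2), 2500: (91.6, 91.8, 92.1),
        3500: (94.4, 91.2, 92.4), 4500: (94.4, 92.9, 94.7),
        5000: (95.4, 96.8, 96.8),
    },
    "ODLNN": {
        1000: (92.4, 93.1, 93.2), 2500: (93.6, 93.5, 93.5),
        3500: (95.6, 93.2, 94.8), 4500: (95.3, 94.7, 96.1),
        5000: (96.4, 96.9, 97.5),
    },
}

# Assumption: the tables round to one decimal, so inputs and result together
# can shift a correctly computed F-score by at most about 0.1.
ROUNDING_TOL = 0.1


def safe_div(num, den):
    """Return num/den, or 0.0 when the denominator is zero (no such samples)."""
    return num / den if den else 0.0


def f_score(p, r):
    """F-score as defined in Section 4.5: 2 * P * R / (P + R)."""
    return safe_div(2 * p * r, p + r)


@dataclass(frozen=True)
class Confusion:
    """Binary confusion counts with 'attack' as the positive class."""
    tp: int
    fp: int
    fn: int
    tn: int

    def precision(self):  # Eq. (4.1)
        return safe_div(self.tp, self.tp + self.fp)

    def recall(self):  # Eq. (4.2)
        return safe_div(self.tp, self.tp + self.fn)

    def accuracy(self):  # standard definition; the chapter gives no formula
        total = self.tp + self.fp + self.fn + self.tn
        return safe_div(self.tp + self.tn, total)

    def f_score(self):
        return f_score(self.precision(), self.recall())


def check_row(p, r, f_reported, tol=ROUNDING_TOL):
    """Classify one table row.

    'above_bound': F exceeds (P + R) / 2, which no harmonic mean can do; this
                   also holds for macro- or weighted-averaged scores.
    'consistent' : F matches 2PR/(P+R) within rounding.
    'mismatch'   : F is possible under averaging but is not 2PR/(P+R).
    """
    if f_reported > (p + r) / 2 + tol:
        return "above_bound"
    if abs(f_reported - f_score(p, r)) <= tol:
        return "consistent"
    return "mismatch"


def audit(reported=REPORTED):
    """Return {(model, nodes): status} for every tabulated row."""
    return {
        (model, nodes): check_row(*row)
        for model, rows in reported.items()
        for nodes, row in rows.items()
    }


if __name__ == "__main__":
    for key, status in sorted(audit().items()):
        print(key, status)
```

Rows returned as `above_bound` report an F-score higher than any precision/recall pair with those values can produce, so they are the ones to re-derive from the raw confusion counts.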

4.7. Discussion

This section focuses on comparing the suggested work's results with earlier findings and
explains how it is more efficient than current approaches. Various kinds of cyberattacks are
possible on a network, and it takes an effective intrusion detection system to find them.
DDoS attacks, or distributed denial of service attacks, are one of the main threats to cyber
security. The suggested study shows that a machine learning system that uses an optimization
strategy for weights is effective in detecting DDoS attacks.

4.8. DDoS Attacks in Networks

One of the main threats to a cyber network is a distributed denial of service attack, which
overloads the targeted machines with requests. These kinds of attacks result in serious network
issues by crashing the victim's machine and rendering it idle, unable to react to requests.

4.9. Network’s IDS

Traditional intrusion detection systems, which rely on data mining techniques to identify
attacks, are ineffective in identifying DDoS attacks in networks because they mistake attack
data for regular data. There are two kinds of intrusion detection systems for finding network
intrusions: signature-based and anomaly-based. A signature-based intrusion detection system
locates known attacks. An intrusion detection system that detects unknown attacks is called
anomaly detection. Existing IDS algorithms do not meet the needs of DDoS detection; therefore,
an effective algorithm is needed to detect DDoS attacks in networks. To detect the attack
efficiently, a powerful machine learning technique is needed.

4.10. Algorithms of Machine Learning

Machine learning techniques are effective in identifying DDoS attacks, and the detection
process consists of two stages: training and testing. The suggested approach makes use of
optimal weighting in deep neural networks, which shortens training times and accurately
distinguishes between attacked and normal data. For improved performance and effective
outcomes, classifiers based on machine learning can be developed and evaluated using the
real-time NSL-KDD dataset. The suggested model performs better in identifying data as normal
or attacked when compared to other models that are based on KNN, SVM, Random Forest, and
Logistic Regression methods.

4.11. Existing Scheme Vs. Proposed Scheme

Current ANN algorithms that identify DDoS attacks with basic models require more training
time. To enhance the functionality and effectiveness of the current system, the suggested
system employs modified cross-over and mutation algorithms. The Dragonfly Algorithm is used in
Deep Learning Neural Networks, with three distinct levels in the deep neural network, to speed
up the training phase and detect DDoS attacks efficiently. Compared with the suggested system,
the current system, which trains on the data set using ANN, KNN, and SVM, is less efficient. If
there is at least one dragonfly in the surrounding neighbourhood, all individuals in the current
iteration of the dragonfly optimization algorithm apply the cross-over and mutation operators to
obtain a better result. If there are no nearby individuals, the dragonflies perform a random
walk (Lévy flight) over the search space.

The suggested ODLNN system classifies the data accurately as either normal or attacked. If the
data is normal, it is encrypted using the public key algorithm known as the Modified Crow
Search Algorithm and Elliptic Curve Cryptography algorithm (MCSA-ECC). An encryption method
based on elliptic curve theory can provide faster, smaller, and more efficient cryptographic
keys while maintaining privacy, integrity, and confidentiality.

The current approach, which is based on ECC, provides less security when it comes to the
encryption and decryption of regular data. The current system uses ECC, which generates the
private key from a random number in the range of 1 to n-1. Since the current method uses a
random integer to generate the private key and cipher text, an attacker can quickly determine
that number and access the data. During the key generation and encryption process, the suggested
solution optimizes the randomness behavior of ECC to prevent this issue and raise the
algorithm's security level.

The suggested approach, MCSA-ECC, carries out the optimization in ECC. The suggested
approach uses encryption and decryption, and because of this optimization strategy, regular data
is protected from attackers while the keys are optimized.

4.12. Performance Metrics of Existing Scheme Vs. Proposed Scheme

Precision, recall, F-score, and accuracy are the parameters used for the performance analysis
of the proposed system, which comprises the ODLNN-based IDS for the detection of DDoS attacks
and the MCSA-ECC-based secure encryption scheme. By comparing all performance metrics between
the proposed and existing systems, the suggested system is shown to be more secure and
efficient.

Chapter-05
Conclusions

5.1. Summary of Findings

• The suggested work was created to accurately and efficiently detect DDoS attacks in
networks by utilizing optimal weight in Deep Learning Neural Networks to distinguish
between normal and attacked data.
• The suggested model employed the CMDFA technique, which was created using a hybrid
combination of mutation and cross over, and the Dragonfly algorithm, which used their
optimum weight in DLNN to detect DDoS attacks.
• To detect DDoS attacks on the network, the suggested model ODLNN with CMDFA
approach used a number of steps and implemented a data preparation technique that
minimizes data redundancy.
• The three hidden layers in the DLNN model that has been suggested for attack detection
meet the requirements to handle the complex model.
• The suggested framework ODLNN employed the hybrid algorithm CMDFA, which
applies the optimal weight value during training to identify data in both normal and
attacked forms. Because the optimal weight is passed during the training period in DLNN,
ODLNN shortens the training time.
• The suggested Model ODLNN with CMDFA approach enhances the accuracy of
classification while identifying data as attacked and normal. It uses the categorization
approach to attack data that it recognizes as normal.
• Using an encryption and decryption technique, the suggested model ODLNN with
CMDFA technique assesses the data as normal and attacked data, with the normal data
being transferred to the destination. The MCSA-Elliptic curve cryptography algorithm
(ECC) encrypts the normal data and transmits it in a secure manner.
• To extract the outcome, the suggested model ODLNN used the CMDFA method, in which
all individuals in the current iteration undertake cross-over and mutation operations if
there is a single dragonfly in the neighbourhood.
• This study uses the proposed model to detect DDoS attacks in the network by reducing
the amount of training time by optimizing the weight in the Deep Learning Neural
Network using the CMDFA algorithm. Through experimental investigation, it was
determined with greater clarity that the Optimized Deep Learning Network approach is
more effective at identifying normal and attacked data when comparing the accuracy of
existing and suggested ANNs.
• The suggested MCSA-ECC provides the maximum-security level of 96% while requiring
less CPU memory and less time to conduct encryption and decryption than ECC.
According to the results, the MCSA-ECC offers higher protection for regular data, while
the DLNN technique correctly predicts DDoS attacks on data.

5.2. Conclusions

A network security paradigm called intrusion detection is used to identify, stop, and reject illegal
access to a computer network or communication channel. A safe and secure network is mostly
dependent on intrusion detection systems (IDS). A class of methods known as anomaly-based
intrusion detection aims to categorize network data as either normal or abnormal. DDoS attacks
are a highly serious and complex issue that arises when computers attack a network's
infrastructure, seriously damaging a person's or an organization's system. When DDoS attacks
are present, the reliability of the service is also impacted. That is, while the user's throughput
will decrease, the delay will also increase. DDoS attack detection is challenging. Since the
attacker creates the attack via the compromised system, they do not participate in the attack
directly. It is therefore challenging to identify the source of the attacks. Finding the IP addresses
of the routers that the packets are passing through is the primary goal of the denial-of-service
attack. Three methods are used to analyze data for effective preservation while identifying
attacks, and they are outlined below:

The unidentified DDoS attack is identified using a deep learning neural network. The suggested
approach makes use of CMDFA for DLNN weight tuning. Following the identification of an attack,
the data was kept on the network and encrypted using MCSA-ECC to increase data security. The
applications then gained access to the encrypted data for use in subsequent procedures. To
evaluate the effectiveness of the suggested approaches, the outcomes of the secure data
encryption (MCSA-ECC) and attack detection (ODLNN) mechanisms were compared with those of the
current algorithms. The accuracy, F-measure, precision, and recall of the ODLNN and the current
ANN were compared. When compared to ANN, the DLNN yields the highest values for every
statistic, demonstrating the ODLNN's efficacy.

The most representative computational intelligence algorithms, including Monarch Butterfly
Optimization (MBO), Earth Worm Optimization (EWA), Elephant Herding Optimization
(EHO), and Moth Search Algorithm (MS), are compared with the proposed ODLNN, which
uses the optimization technique by using the modified version of Dragon Fly Algorithm (DFA).
The Dragon Fly Algorithm, out of all these computational intelligence techniques, is used to
identify DDoS attacks by utilizing a large search space-based Cross Over and Mutation
methodology, which increases efficiency through the application of additional optimization
algorithms.

5.3. Directions for Future

In the near future, this work can be expanded by introducing other optimization methods that
are based on meta-heuristics. As a result, the objective of our upcoming work will be to use and
evaluate several optimization strategies for weight generation. Additionally, schedule job
optimizations to improve the model's high-speed links, improve the pattern matching algorithm
for packet detection, assess various attack types, and assess computing complexity.
Furthermore, an adversarial environment can be used to assess this system in order to determine
how the state of the network affects the effectiveness of the network anomaly identification
method.

An algorithm will be created to recognize various types of network attacks, and an efficient
feature selection method can also be used for attack detection. In addition, evaluation criteria
including training time, time complexity, and space complexity can be assessed along with
some more sophisticated features.
References

[1] Ahmed, S.; Khan, Z.A.; Mohsin, S.M.; Latif, S.; Aslam, S.; Mujlid, H.; Adil, M.; Najam,
Z. (2023). Effective and Efficient DDoS Attack Detection Using Deep Learning Algorithm,
Multi-Layer Perceptron. Future Internet 2023, 15, 76. https://doi.org/10.3390/fi15020076

[2] Najafimehr M, Zarifzadeh S, Mostafavi S. DDoS attacks and machine-learning-based


detection methods: A survey and taxonomy. Engineering Reports. 2023; 5(12): e12697.
https://doi.org/10.1002/eng2.12697

[3] Mahmood A. Al-Shareeda, Selvakumar Manickam, Murtaja Ali Saare (2023). “DDoS
attacks detection using machine learning and deep learning techniques: analysis and
comparison”, Bulletin of Electrical Engineering and Informatics Vol. 12, No. 2, April 2023, pp.
930~939 Journal homepage: http://beei.org ISSN: 2302-9285,
https://doi.org/10.11591/eei.v12i2.4466

[4] Avcı İ, Koca M. Predicting DDoS Attacks Using Machine Learning Algorithms in
Building Management Systems. Electronics. 2023; 12(19):4142.
https://doi.org/10.3390/electronics12194142

[5] Aslam, N., Srivastava, S. & Gore, M.M. A Comprehensive Analysis of Machine
Learning- and Deep Learning-Based Solutions for DDoS Attack Detection in SDN. Arab J Sci
Eng 49, 3533–3573 (2024). https://doi.org/10.1007/s13369-023-08075-2

[6] Kumari, K., Mrunalini, M. Detecting Denial of Service attacks using machine learning
algorithms. J Big Data 9, 56 (2022). https://doi.org/10.1186/s40537-022-00616-0

[7] Sharmin Aktar, Abdullah Yasin Nur, Towards DDoS attack detection using deep
learning approach, Computers & Security, Volume 129, 2023, 103251, ISSN 0167-4048,
https://doi.org/10.1016/j.cose.2023.103251.

[8] Bahashwan AA, Anbar M, Manickam S, Al-Amiedy TA, Aladaileh MA, Hasbullah IH.
A Systematic Literature Review on Machine Learning and Deep Learning Approaches for
Detecting DDoS Attacks in Software-Defined Networking. Sensors. 2023; 23(9):4441.
https://doi.org/10.3390/s23094441
[9] Devrim Akgun, Selman Hizal, Unal Cavusoglu, A new DDoS attacks intrusion detection
model based on deep learning for cybersecurity, Computers & Security, Volume 118, 2022,
102748, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2022.102748

[10] Abbas, S., Bouazzi, I., Ojo, S., Al Hejaili, A., Sampedro, G. A., Almadhor, A., & Gregus,
M. (2024). Evaluating deep learning variants for cyber-attacks detection and multi-class
classification in IoT networks. PeerJ. Computer science, 10, e1793.
https://doi.org/10.7717/peerj-cs.1793

[11] Mittal, M., Kumar, K. & Behal, S. Deep learning approaches for detecting DDoS
attacks: a systematic review. Soft Comput 27, 13039–13075 (2023).
https://doi.org/10.1007/s00500-021-06608-1

[12] Amitha, M., & Srivenkatesh, M. (2023). DDoS Attack Detection in Cloud Computing
Using Deep Learning Algorithms. International Journal of Intelligent Systems and
Applications in Engineering, 11(4), 82–90. Retrieved from
https://ijisae.org/index.php/IJISAE/article/view/3456

[13] Yadigar Imamverdiyev and Fargana Abdullayeva. Deep Learning Method for Denial-
of-Service Attack Detection Based on Restricted Boltzmann Machine. Big Data. Jun 2018.159-
169.http://doi.org/10.1089/big.2018.0023

[14] Li Xinlong, Chen Zhibin, "[Retracted] DDoS Attack Detection by Hybrid Deep
Learning Methodologies", Security and Communication Networks, vol. 2022, Article ID
7866096, 7 pages, 2022. https://doi.org/10.1155/2022/7866096

[15] Rao, G. S., & Subbarao, P. K. (2023). A Novel Framework for Detection of DoS/DDoS
Attack Using Deep Learning Techniques, and An Approach to Mitigate the Impact of
DoS/DDoS attack in Network Environment. International Journal of Intelligent Systems and
Applications in Engineering, 12(1), 450–466. Retrieved from
https://ijisae.org/index.php/IJISAE/article/view/3919

[16] Tennakoon C and Fernando S (2022). Deep learning model for distributed denial of
service (DDoS) detection. International Journal of Advanced and Applied Sciences, 9(2): 109-
118, https://doi.org/10.21833/ijaas.2022.02.012
[17] Wei Guo, Han Qiu, Zimian Liu, Junhu Zhu, Qingxian Wang, "GLD-Net: Deep Learning
to Detect DDoS Attack via Topological and Traffic Feature Fusion", Computational
Intelligence and Neuroscience, vol. 2022, Article ID 4611331, 20 pages, 2022.
https://doi.org/10.1155/2022/4611331

[18] Najafimehr, M., Zarifzadeh, S. & Mostafavi, S. A hybrid machine learning approach for
detecting unprecedented DDoS attacks. J Supercomput 78, 8106–8136 (2022).
https://doi.org/10.1007/s11227-021-04253-x

[19] Jiangtao Pei, Yunli Chen, Wei Ji (2019). “A DDoS Attack Detection Method Based on
Machine Learning”, IOP Conf. Series: Journal of Physics: Conf. Series, 1237 (2019) 032040
https://doi.org/10.1088/1742-6596/1237/3/032040

[20] Ali, T.E.; Chong, Y.-W.; Manickam, S. Machine Learning Techniques to Detect a DDoS
Attack in SDN: A Systematic Review. Appl. Sci. 2023, 13, 3183.
https://doi.org/10.3390/app13053183

[21] Hailye Tekleselassie (2021). “A Deep Learning Approach for DDoS Attack Detection
Using Supervised Learning”, MATEC Web of Conferences 348, 01012 (2021)
https://doi.org/10.1051/matecconf/202134801012

[22] Aswad, F., Ahmed, A., Alhammadi, N., Khalaf, B. & Mostafa, S. (2023). Deep learning
in distributed denial-of-service attacks detection method for Internet of Things
networks. Journal of Intelligent Systems, 32(1), 20220155. https://doi.org/10.1515/jisys-2022-
0155

[23] Mouli Prasad J, B Rajesh Reddy, Micheal Olaolu Arowolo, Khushboo Tripathi (2023).”
Novel Machine Learning model for DDoS Cyber Attacks Threat Detection”, Journal of Data
Science and Cyber Security, ISSN: 2584-0010, Volume 1 Issue 1 June 2023

[24] Wadee Alhalabi, Akshat Gaurav, Varsha Arya, Ikhlas Fuad Zamzami, and Rania Anwar
Aboalela. 2023. Machine Learning-Based Distributed Denial of Services (DDoS) Attack
Detection in Intelligent Information Systems. Int. J. Semant. Web Inf. Syst. 19, 1 (Jun 2023),
1–17. https://doi.org/10.4018/IJSWIS.327280
[25] Amrish, R., Bavapriyan, K., Gopinaath, V., Jawahar, A. & Kumar, C. V. (2022). DDoS
Detection using Machine Learning Techniques. Journal of IoT in Social, Mobile, Analytics, and
Cloud, 4(1), 24-32. https://doi.org/10.36548/jismac.2022.1.003

[26] Anjali M, Smithu B S, T Saritha (2023). “Cybersecurity Threat Detection of Anomaly


Based DDoS Attack Using Machine Learning”, International Research Journal of Engineering
and Technology (IRJET), Volume: 10, Issue: 12, Dec 2023

[27] Dhairya Lunkad, Govind Singh (2020). “DDOS Attack Detection Using Machine
Learning for Network Performance Improvement”, International Journal of Creative Research
Thoughts, Volume 8, Issue 9 September 2020

[28] Muhammad Rusyaidi, Sardar Jaf, Zunaidi Ibrahim; Machine learning method in
detecting a distributed of service (DDoS): A systematic literature review. AIP Conf. Proc. 10
January 2023; 2643 (1): 040034. https://doi.org/10.1063/5.0112715

[29] Tejaswini Ulemale (2022). “Review on Detection of DDOS Attack using Machine
Learning”, International Journal for Research in Applied Science & Engineering Technology
(IJRASET), Volume 10 Issue III Mar 2022
