Behnam Farzaneh , Nashid Shahriar , Abu Hena Al Muktadir , Md. Shamim Towhid , Mohammad Sadegh Khosravani
{"title":"DTL-5G:5G 及更高网络中基于深度迁移学习的 DDoS 攻击检测","authors":"Behnam Farzaneh , Nashid Shahriar , Abu Hena Al Muktadir , Md. Shamim Towhid , Mohammad Sadegh Khosravani","doi":"10.1016/j.comcom.2024.107927","DOIUrl":null,"url":null,"abstract":"<div><p>Network slicing is considered as a key enabler for 5G and beyond mobile networks for supporting a variety of new services, including enhanced mobile broadband, ultra-reliable and low-latency communication, and massive connectivity, on the same physical infrastructure. However, this technology increases the susceptibility of networks to cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks. These attacks have the potential to cause service quality degradation by overloading network function(s) that are central to network slices to operate seamlessly. This calls for an Intrusion Detection System (IDS) as a shield against a wide array of DDoS attacks. In this regard, one promising solution would be the use of Deep Learning (DL) models for detecting possible DDoS attacks, an approach that has already made its way into the field given its manifest effectiveness. However, one particular challenge with DL models is that they require large volumes of labeled data for efficient training, which are not readily available in operational networks. A possible workaround is to resort to Transfer Learning (TL) approaches that can utilize the knowledge learned from prior training to a target domain with limited labeled data. This paper investigates how Deep Transfer Learning (DTL) based approaches can improve the detection of DDoS attacks in 5G networks by leveraging DL models, such as Bidirectional Long Short-Term Memory (BiLSTM), Convolutional Neural Network (CNN), Residual Network (ResNet), and Inception as base models. A comprehensive dataset generated in our 5G network slicing testbed serves as the source dataset for DTL, which includes both benign and different types of DDoS attack traffic. After learning features, patterns, and representations from the source dataset using initial training, we fine-tune base models using a variety of TL processes on a target DDoS attack dataset. The 5G-NIDD dataset, which has a sparse amount of annotated traffic pertaining to several DDoS attack generated in a real 5G network, is chosen as the target dataset. The results show that the proposed DTL models have performance improvements in detecting different types of DDoS attacks in 5G-NIDD dataset compared to the case when no TL is applied. According to the results, the BiLSTM and Inception models being identified as the top-performing models. BiLSTM indicates an improvement of 13.90%, 21.48%, and 12.22% in terms of accuracy, recall, and F1-score, respectively, whereas, Inception demonstrates an enhancement of 10.09% in terms of precision, compared to the models that do not adopt TL.</p></div>","PeriodicalId":55224,"journal":{"name":"Computer Communications","volume":"228 ","pages":"Article 107927"},"PeriodicalIF":4.5000,"publicationDate":"2024-08-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DTL-5G: Deep transfer learning-based DDoS attack detection in 5G and beyond networks\",\"authors\":\"Behnam Farzaneh , Nashid Shahriar , Abu Hena Al Muktadir , Md. Shamim Towhid , Mohammad Sadegh Khosravani\",\"doi\":\"10.1016/j.comcom.2024.107927\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Network slicing is considered as a key enabler for 5G and beyond mobile networks for supporting a variety of new services, including enhanced mobile broadband, ultra-reliable and low-latency communication, and massive connectivity, on the same physical infrastructure. However, this technology increases the susceptibility of networks to cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks. These attacks have the potential to cause service quality degradation by overloading network function(s) that are central to network slices to operate seamlessly. This calls for an Intrusion Detection System (IDS) as a shield against a wide array of DDoS attacks. In this regard, one promising solution would be the use of Deep Learning (DL) models for detecting possible DDoS attacks, an approach that has already made its way into the field given its manifest effectiveness. However, one particular challenge with DL models is that they require large volumes of labeled data for efficient training, which are not readily available in operational networks. A possible workaround is to resort to Transfer Learning (TL) approaches that can utilize the knowledge learned from prior training to a target domain with limited labeled data. This paper investigates how Deep Transfer Learning (DTL) based approaches can improve the detection of DDoS attacks in 5G networks by leveraging DL models, such as Bidirectional Long Short-Term Memory (BiLSTM), Convolutional Neural Network (CNN), Residual Network (ResNet), and Inception as base models. A comprehensive dataset generated in our 5G network slicing testbed serves as the source dataset for DTL, which includes both benign and different types of DDoS attack traffic. After learning features, patterns, and representations from the source dataset using initial training, we fine-tune base models using a variety of TL processes on a target DDoS attack dataset. The 5G-NIDD dataset, which has a sparse amount of annotated traffic pertaining to several DDoS attack generated in a real 5G network, is chosen as the target dataset. The results show that the proposed DTL models have performance improvements in detecting different types of DDoS attacks in 5G-NIDD dataset compared to the case when no TL is applied. According to the results, the BiLSTM and Inception models being identified as the top-performing models. BiLSTM indicates an improvement of 13.90%, 21.48%, and 12.22% in terms of accuracy, recall, and F1-score, respectively, whereas, Inception demonstrates an enhancement of 10.09% in terms of precision, compared to the models that do not adopt TL.</p></div>\",\"PeriodicalId\":55224,\"journal\":{\"name\":\"Computer Communications\",\"volume\":\"228 \",\"pages\":\"Article 107927\"},\"PeriodicalIF\":4.5000,\"publicationDate\":\"2024-08-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Communications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0140366424002743\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Communications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0140366424002743","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
DTL-5G: Deep transfer learning-based DDoS attack detection in 5G and beyond networks
Network slicing is considered as a key enabler for 5G and beyond mobile networks for supporting a variety of new services, including enhanced mobile broadband, ultra-reliable and low-latency communication, and massive connectivity, on the same physical infrastructure. However, this technology increases the susceptibility of networks to cyber threats, particularly Distributed Denial-of-Service (DDoS) attacks. These attacks have the potential to cause service quality degradation by overloading network function(s) that are central to network slices to operate seamlessly. This calls for an Intrusion Detection System (IDS) as a shield against a wide array of DDoS attacks. In this regard, one promising solution would be the use of Deep Learning (DL) models for detecting possible DDoS attacks, an approach that has already made its way into the field given its manifest effectiveness. However, one particular challenge with DL models is that they require large volumes of labeled data for efficient training, which are not readily available in operational networks. A possible workaround is to resort to Transfer Learning (TL) approaches that can utilize the knowledge learned from prior training to a target domain with limited labeled data. This paper investigates how Deep Transfer Learning (DTL) based approaches can improve the detection of DDoS attacks in 5G networks by leveraging DL models, such as Bidirectional Long Short-Term Memory (BiLSTM), Convolutional Neural Network (CNN), Residual Network (ResNet), and Inception as base models. A comprehensive dataset generated in our 5G network slicing testbed serves as the source dataset for DTL, which includes both benign and different types of DDoS attack traffic. After learning features, patterns, and representations from the source dataset using initial training, we fine-tune base models using a variety of TL processes on a target DDoS attack dataset. The 5G-NIDD dataset, which has a sparse amount of annotated traffic pertaining to several DDoS attack generated in a real 5G network, is chosen as the target dataset. The results show that the proposed DTL models have performance improvements in detecting different types of DDoS attacks in 5G-NIDD dataset compared to the case when no TL is applied. According to the results, the BiLSTM and Inception models being identified as the top-performing models. BiLSTM indicates an improvement of 13.90%, 21.48%, and 12.22% in terms of accuracy, recall, and F1-score, respectively, whereas, Inception demonstrates an enhancement of 10.09% in terms of precision, compared to the models that do not adopt TL.
期刊介绍:
Computer and Communications networks are key infrastructures of the information society with high socio-economic value as they contribute to the correct operations of many critical services (from healthcare to finance and transportation). Internet is the core of today''s computer-communication infrastructures. This has transformed the Internet, from a robust network for data transfer between computers, to a global, content-rich, communication and information system where contents are increasingly generated by the users, and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms.
Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.