Anomaly-Based Intrusion Detection System for DDoS Attack with Deep Learning Techniques

The increasing number of connected devices is fostering a rising frequency of cyber attacks, with Distributed Denial of Service (DDoS) attacks among the most common. To counteract DDoS, companies and large organizations are increasingly deploying anomaly-based Intrusion Detection Systems (IDS), which detect attack patterns by analyzing differences in malicious network traffic against a baseline of legitimate traffic. To differentiate malicious and normal traffic, methods based on artificial intelligence and, in particular, Deep Learning (DL) are being increasingly considered, due to their ability to automatically learn feature representations for the different traffic types, without need of explicit programming or handcrafted feature extraction. In this paper, we propose a novel methodology for simulating an anomaly-based IDS based on adaptive DL by designing multiple DL models working with both binary and multi-label classification on multiple datasets with different degrees of complexity. To make the DL models adaptable to different conditions, we consider adaptive architectures obtained by automatically tuning the number of neurons for each situation. Results on publicly-available datasets confirm the validity of our proposed methodology, with DL models adapting to the different conditions by increasing the number of neurons on more complex datasets and achieving the highest accuracy in the binary classification configuration.