Multi-domain collaborative two-level DDoS detection via hybrid deep learning

In this paper, we investigate the problem of multiple network domains being threatened by Distributed Denialof -Service (DDoS) attacks, in which a DDoS attack detection scheme is constructed based on the Software Defined Networks (SDN) hierarchical distributed control plane architecture. Specifically, we propose a twolevel detection framework for collaborative DDoS attack detection in multi -domain scenarios. To detect the signs of DDoS attacks as early as possible on the attack path, a first -level coarse -grained anomaly detection method based on the Renyi entropy algorithm is proposed. The purpose is to calculate the feature entropy of normal and abnormal traffic in a simple statistical way within the local network domain, achieving rapid perception of network anomalies. Then, the root server aggregates all abnormal traffic data uploaded by each local network domain, and the DCNN-LSTM algorithm based on a hybrid deep learning model as the secondlevel detection method extracts the features of the suspicious traffic from both temporal and spatial dimensions to achieve fine-grained DDoS attack classification. Finally, theoretical analysis and experimental results indicate that the proposed two -level detection method in multi -domain scenarios is effective and feasible, while with high detection accuracy.