Using Long Short-Term Memory and Convolutional neural networks to Detect Distributed Denial of Service Attacks

Deep learning is an essential tool for detecting distributed denial of service (DDoS) attacks due to its ability to analyze complex network traffic patterns and respond in real-time. However, a comprehensive examination of the opportunities and challenges in this field is necessary, given its emerging nature. This examination should include real implementations or benchmark data samples. In this paper, we introduce two methods for detecting DDoS attacks: one using Long Short-Term Memory (LSTM) and the other using Convolutional Neural Networks (CNN). Additionally, we propose a new method that combines LSTM and CNN. The results demonstrate that both LSTM and LSTM-CNN methods consistently outperform CNN in terms of accuracy, precision, recovery, and F1 scores. Our investigations reveal that CNN can automatically learn features such as packet size, timing, and source/destination addresses from raw network traffic. On the other hand, LSTM is particularly useful for detecting temporal sequence patterns of attacks in network traffic. The choice between CNN or LSTM for DDoS detection depends on the specific characteristics of the attack dataset and the relative importance of spatial and temporal features in identifying DDoS attacks. Finally, we examine challenges such as overfitting, computational complexity, interpretability, data limitations, and hostile attacks. Doubts surrounding the reporting of results in literature can be attributed to problems with the benchmark dataset used, including limited sample size and variety, lack of labeling, and unbalanced data.