Open-Set Recognition in Unknown DDoS Attacks Detection With Reciprocal Points Learning

The internet, a cornerstone of modern life, has profound implications across personal, business, and society. However, its widespread use has posed challenges, especially concerning privacy and cybersecurity. Besides, the threats on the internet are increasing in terms of danger, intensity, and complexity. Distributed denial-of-service (DDoS) attacks have emerged as a common and dangerous cybersecurity threat capable of disabling the network systems of targeted organizations and services. Therefore, various security strategies, such as firewalls and intrusion detection systems (IDS), are employed to protect against DDoS attacks. Enhancing the defensive capabilities of IDS systems through machine learning (ML) and deep learning (DL) technologies is a significant trend nowadays. However, despite notable successes, detecting DDoS attacks using ML and DL technologies still faces challenges, especially with Unknown DDoS Attacks. In this research, the primary goal is to address the unknown DDoS detection problem through efficient and advanced techniques. Our proposed method, CNN-RPL, integrates Convolutional Neural Network (CNN) with Reciprocal Points Learning (RPL), a novel Open-Set Recognition (OSR) technology. This model can effectively handle both known and unknown attacks. The CNN-RPL model demonstrates excellent results, achieving an accuracy exceeding 99.93% against known attacks in the CICIDS2017 dataset. Simultaneously, the model achieves a commendable average accuracy of up to 98.51% against unknown attacks in the CICDDoS2019 dataset. In particular, the CNN-RPL model simplifies the architecture of the deep neural network by significantly reducing the number of training parameters without compromising defense capabilities. Therefore, our proposed method is genuinely efficient, particularly flexible, and lightweight compared to traditional methods. This can equip organizations and businesses with a highly applicable yet powerful security approach against the evolving complexities in the network space.