A Novel Hybrid CNN-LSTM Framework for Robust DDoS Attack Detection and Classification

Ammar O. K. Al-Hasani1,*, Islam R. Abdelmaksoud1, Amira Rezk1

1Dept. of Information Systems, Faculty of Computers and Information, Mansoura University, Egypt

Emails: ammar11alhasany@gmail.com; islam-cis@mans.edu.eg; amira_rezk@mans.edu.eg

Abstract

Distributed Denial of Service (DDoS) attacks are among the most prevalent and impactful cybersecurity threats, aiming to disrupt network services and prevent legitimate users from accessing them. This paper presents a novel hybrid deep learning framework that employs Convolutional Neural Networks (CNN) for spatial feature extraction and Long Short-Term Memory (LSTM) networks to capture long-term dependencies within network traffic. In experiments on the CIC-DDoS-2019 dataset, the proposed model achieves good classification performance, with an accuracy of 99.63%, precision of 99.24%, recall of 99.22%, F1 score of 99.22%, and Micro-AUC of 99.71%, surpassing traditional machine learning models such as LGBM, DNN, and standalone CNN and LSTM. In addition, Fuzzy Logic was implemented for risk management using three risk categories: low, medium, and high. The findings show that the proposed hybrid CNN-LSTM model achieves the best evaluation metrics, despite the complexity and imbalance of the dataset classes. This is due to the model's ability to combine spatial and temporal features from the data. The proposed model is also shown to support integration into a complete system including time detection, blocking, and alerting, making it a powerful system for network security.

Keywords: DDoS Attack Detection; Convolutional Neural Network (CNN); Long Short-Term Memory (LSTM); Hybrid Deep Learning Model; Cybersecurity Threat Classification