|
| 1 | +# Multi-Class DDoS Detection Using LSTM Autoencoder and DNN |
| 2 | + |
| 3 | +## Overview |
| 4 | + |
| 5 | +This project presents a complete pipeline for real-time detection and classification of Distributed Denial of Service (DDoS) attacks. It leverages deep learning techniques, combining an LSTM Autoencoder for anomaly detection and a DNN for multi-class attack classification. The solution is based on realistic traffic data and supports real-time deployment scenarios. |
| 6 | + |
| 7 | + |
| 8 | + |
| 9 | +--- |
| 10 | + |
| 11 | +## Key Features |
| 12 | + |
| 13 | +- **Traffic Simulation**: Simulates various DDoS attack types in a virtualized environment. |
| 14 | +- **Traffic Capture**: Utilizes CICFlowMeter for feature extraction from raw network traffic. |
| 15 | +- **Two-Phase Detection**: |
| 16 | + - **Phase 1**: LSTM Autoencoder trained on normal traffic to detect anomalies. |
| 17 | + - **Phase 2**: Deep Neural Network (DNN) classifier to identify specific attack types. |
| 18 | +- **Real-time Dashboard**: Provides visualizations of traffic patterns, anomalies, and predicted attack classes. |
| 19 | +- **Low Latency**: Inference time ~0.28 ms/sample, suitable for high-throughput environments. |
| 20 | + |
| 21 | +--- |
| 22 | + |
| 23 | +## Attack Types Covered |
| 24 | + |
| 25 | +The system supports classification of various attack types across different layers: |
| 26 | + |
| 27 | +- **TCP-based Reflection Attacks**: MSSQL |
| 28 | +- **UDP/TCP Reflection Attacks**: DNS, PORTMAP, LDAP, NetBIOS, SNMP |
| 29 | +- **UDP-based Reflection Attacks**: TFTP, NTP, CharGen |
| 30 | +- **TCP Exploitation Attacks**: SYN Flood |
| 31 | +- **UDP Exploitation Attacks**: UDP Flood, UDP-Lag |
| 32 | + |
| 33 | + |
| 34 | + |
| 35 | +--- |
| 36 | + |
| 37 | +## Dataset |
| 38 | + |
| 39 | +The system is built on the [CIC-DDoS2019](https://www.kaggle.com/datasets/dhoogla/cicddos2019) dataset, which includes labeled flows for a wide range of real-world attack scenarios. |
| 40 | + |
| 41 | +--- |
| 42 | + |
| 43 | +## Project Objectives |
| 44 | + |
| 45 | +- Implement an LSTM Autoencoder to detect anomalous network behavior. |
| 46 | +- Integrate a DNN classifier for attack-type recognition. |
| 47 | +- Minimize false positives and maximize generalization across attack types. |
| 48 | +- Support real-time, low-latency detection. |
| 49 | +- Enable visualization for practical use in enterprise and academic research environments. |
| 50 | + |
| 51 | +--- |
| 52 | + |
| 53 | +## Screenshots |
| 54 | + |
| 55 | + |
| 56 | +### 📊 Real Time Detection Dashboard |
| 57 | + |
| 58 | + |
| 59 | +The dashboard visualizes network anomaly detection results. It showcases distribution of various DDoS attack types and the proportion of anomalous versus benign traffic. Use also can see the detailed records, enabling effective real-time monitoring and classification of network threats for cybersecurity analysis |
| 60 | + |
| 61 | +--- |
| 62 | + |
| 63 | +## How to Run |
| 64 | + |
| 65 | +1. Clone the repository: |
| 66 | + ```bash |
| 67 | + git clone https://github.com/yourusername/multiclass-ddos-detector.git |
| 68 | + cd multiclass-ddos-detector |
| 69 | + |
| 70 | + |
| 71 | + |
0 commit comments