本文提出了一種基於流表的網絡信息使用深度神經網路（DNN）的分散式阻斷服務（DDoS）攻擊檢測方法。採用徑向基底函數神經網路 (RBFNN) 進行特徵選擇，以提高 DNN 的準確性。有兩個基於流表的數據集，CICIDS2017 和 CICDDoS2019，用於訓練和測試，並且測試了DDoS攻擊的分類。驗結果表明，使用CICIDS2017和CICDDoS2019對DDoS攻擊的檢測率分別為99.37%和99.98%。3類基於漏洞利用的DDoS攻擊和11類不同類型的DDoS攻擊的分辨率分別為99.9%和71.95%。

This thesis presents a Distributed Denial-of-Services (DDoS) Attack Detection method using Deep Neural Network (DNN) based on flow-based network information. Radial Basis Function Neural Network (RBFNN) is adopted for feature selection to increase the accuracy of the DNN. There are two flow-based datasets CICIDS2017 and CICDDoS2019, which are used for training and testing. And the classification of DDoS attacks is also tested. Experimental results show that the detection of DDoS attack using CICIDS2017 and CICDDoS2019 are 99.37% and 99.98% respectively. The classification of three categories of the exploitation-based DDoS attacks and 11 categories of different types of DDoS attacks are 99.9% and 71.95%, respectively.

Contents
Validation Letter i
摘要 ii
Abstract iii
Contents iv
Figure List v
Table List vi
Chapter 1 Introduction 1
1.1、 Overview of the Thesis 3
1.2、 Contributions 3
Chapter 2 Literature Review 4
2.1、 Software-Defined Network (SDN) 6
2.2、 Taxonomy of DDoS Attack 7
2.3、 Deep Learning 8
2.4、 Radial Basis Function Neural Network 8
Chapter 3 The Proposed Method 10
3.1、 Architecture of the Proposed Method 10
3.2、 Deep Learning Model 11
3.3、 Radial Basis Function Network as Feature Selection 12
Chapter 4 Performance Evaluation 16
4.1、 Dataset CICIDS2017 16
4.2、 Dataset CICDDoS2019 (Exploitation-Based DDoS Attacks) 19
4.3、 Dataset CICDDoS2019 24
4.4、 Feature Selection 28
4.5、 Optimal Number of Hidden Layers 28
Chapter 5 Conclusions and Future Works 31
References 33

[1] N. Chockwanich and V. Visoottiviseth, “Intrusion Detection by Deep Learning with TensorFlow,” 21st International Conference on Advanced Communication Technology, pp. 654-659, 2019.
[2] C. J. Hsieh and T. Y. Chan, “ Detection DDoS Attacks Based on Neural-Network Using Apache Spark,” 2016 International Conference on Applied System Innovation, pp. 1-4, 2016.
[3] J. P. Hou, P. P. Fu, Z. G. Cao and A. L. Xu, “Machine Learning Based DDoS Detection Through NetFlow Analysis,” 2018 IEEE Military Communications Conference, pp. 565-570, 2018.
[4] Y. Wang, T. Hu, G. M. Tang, J. C. Xie and J. Lu, “SGS: Safe-Guard Scheme for Protecting Control Plane Against DDoS Attacks in Software-Defined Networking,” IEEE Access, vol. 7, pp. 34699 - 34710, 2019.
[5] 許朝瑋 and 李宗翰, “A Deep Learning Based Real-Time Intrusion Detection and Prevention System for Software Defined Networks,” 國立臺中教育大學資訊工程學系碩士論文, pp. 1-86, 2019.
[6] M. Roopak, G. Y. Tian and J. Chambers, “Deep Learning Models for Cyber Security in IoT Networks,” 2019 IEEE 9th Annual Computing and Communication Workshop and Conference, pp. 452-457, 2019.
[7] A. R. Gawande, J. C. Birget, J. Birget, S. Shende and S. Ramaswami, “DDoS Detection and Mitigation Using Machine Learning,” Thesis, ETD graduate, Rutgers, The State University of New Jersey, pp. 1-35, 2018.
[8] A. S. Unal and M. Hacibeyoglu, “Detection of DDOS Attacks in Network Traffic Using Deep Learning,” International Conference on Advanced Technologies, Computer Engineering and Science, pp. 722-726, 2018.
[9] C. H. Li, Y. Wu, Z. Z. Qian, Z. J. Sun and W. M. Wang, “DDoS Attack Detection and Defense Based on Hybrid Deep Learning Model in SDN,” Journal on Communications, vol.39, no.7, pp. 176-187, 2018.
[10] M. V.O. Assis, L. F. Carvalho, J. Lloret and M. L. Proença, “A GRU Deep Learning System against Attacks in Software Defined Networks,” Journal of Network and Computer Applications, vol.177, pp. 1-13, 2021.
[11] A. E. Cil, K. Yildiz, A. Buldu, “Detection of DDoS attacks with feed forward based deep neural network model,” Expert Systems with Applications, vol.169, pp. 1-8, 2021.
[12] M. S. Elsayed, N. A. Le-Khac, S. Dev and A. D. Jurcut, “DDoSNet: A Deep-Learning Model for Detecting Network Attacks,” IEEE 21st International Symposium on A World of Wireless, Mobile and Multimedia Networks, pp.391-396, 2020.
[13] M.W. Mak, “Radial Basis Function Networks”, https://www.cs.ccu.edu.tw/~wylin/BA/EIE520_RBFNetworks.ppt, pp. 5,17
[14] M. E. Celebi, “Fast Color Quantization Using Weighted Sort-means Clustering”, Journal of the Optical Society of America A, vol. 26, issue 11, pp. 2434-2443, 2009.
[15] L. Zhou, M. C. Liao, C. Yuan, Z. Y. Sheng and H. Y. Zhang, “DDoS Attack Detection Using Packet Size Interval,” 11th International Conference on Wireless Communications, Networking and Mobile Computing, pp. 1-7, 2015.
[16] A. Girma, M. Garuba, J. Li and C. M. Liu, “Analysis of DDoS Attacks and an Introduction of a Hybrid Statistical Model to Detect DDoS Attacks on Cloud Computing Environment,” 12th International Conference on Information Technology - New Generations, pp. 212-217, 2015.
[17] J. Mirkovic, E. Arikan, S. Wei, S. Fahmy, R. Thomas and P. Reiher, “Benchmarks For DDoS Defense Evaluation,” 2006 IEEE Military Communications conference, pp. 1-10, 2006.
[18] D. Belabed, M. Bouet and V. Conan, “Centralized Defense Using Smart Routing against Link-Flooding Attacks,” 2nd Cyber Security in Networking Conference, pp. 1-8, 2018.
[19] Q. Yan, F. R. Yu, Q. X. Gong and J. Q. Li, “Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges,” IEEE Communications Surveys & Tutorials, vol.18, issue 1, pp. 602-622, 2015.
[20] K. S. Bhosale, M. Nenova and G. Iliev, “The Distributed Denial of Service Attacks (DDoS) Prevention Mechanisms on Application Layer,” 13th International Conference on Advanced Technologies, Systems and Services in Telecommunications, pp. 136-139, 2017.