DDoS Attack Detection Using Q-Learning

  • Wulan Sri Lestari Universitas Mikroskil
Keywords: Deep Q-Network, DDoS, Attack Detection


 Distributed Denial of Service Attack (DDoS) is an attack by compiling multiple systems on the internet with infected zombies/agents and forming a network of botnets. DDoS attacks resulted in financial losses, lost productivity, brand damage, downgrades of credit and insurance ratings, and disrupted customer and supplier relationships. In addition, IoT technology is also vulnerable to large-scale DDoS attacks. To prevent DDOS attacks, a model that can detect DDoS attacks is needed. In this research, we propose Deep Q-Network (DQN) to detect DDoS attacks. DQN is a reinforcement learning algorithm that combines deep learning and q-learning. The application of DQN is used to improve the accuracy of attack detection on the dataset. In this paper, the dataset used to detect DDoS attacks or not is the CICDDoS2019 dataset provided by the Canadian Institute for Cybersecurity. Based on the comparison of the methods carried out, the results of the proposed DQN method can detect 11 DDoS attacks and benign/normal data with better accuracy values ​​compared to the LR and SVR methods. The results showed that the proposed model had an accuracy value of 96% and was better than LR and SCR methods


[1] Li, Q., Meng, L., Zhang, Y., dan Yan, J., 2019, DDoS attacks detection using machine learning algorithms, Commun. Comput. Inf. Sci., vol. 1009, hal 205–216.
[2] Mishra, A., Sharma, S., dan Pandey, A., 2020, An Enhanced DDoS TCP Flood Attack Defence System in a Cloud Computing, SSRN Electron. J.
[3] Li, J., 2020, Detection Of Ddos Attacks Based On Dense Neural Networks, Autoencoders And Pearson correlation coefficient (Halifax: Dalhousie University), hal 89.
[4] Maciá-Fernández, G., Rodríguez-Gómez, R. A., dan Díaz-Verdejo, J. E., 2010, Defense techniques for low-rate DoS attacks against application servers, Comput. Networks, vol. 54, no. 15, hal 2711–2727.
[5] Sharma, V., Verma, V., dan Sharma, A., 2019, Detection of DDoS Attacks Using Machine Learning in Cloud Computing, Commun. Comput. Inf. Sci., vol. 1076, hal 260–273.
[6] Agrawal S., dan Agrawal, J., 2015, Survey on anomaly detection using data mining techniques, Procedia Comput. Sci., vol. 60, no. 1, hal 708–713.
[7] Buczak, A. L., dan Guven, E., 2016, A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection, IEEE Commun. Surv. Tutorials, vol. 18, no. 2, hal 1153–1176.
[8] Mishra, P., Varadharajan, V., Tupakula, U., dan Pilli, E. S., 2019, A detailed investigation and analysis of using machine learning techniques for intrusion detection, IEEE Commun. Surv. Tutorials, vol. 21, no. 1, hal 686–728.
[9] Rawat, S., Srinivasan, A., dan R, V., 2019, Intrusion detection systems using classical machine learning techniques versus integrated unsupervised feature learning and deep neural network, https://arxiv.org/abs/1910.01114.
[10] Vinayakumar, R., Alazab, M., Soman, K. P., Poornachandran, P., Al-Nemrat, A., dan Venkatraman, S., 2019, Deep Learning Approach for Intelligent Intrusion Detection System, IEEE Access, vol. 7, hal 41525–41550.
[11] Brownlee, J., Data learning and modeling, https://machinelearningmastery.com/data-learning-and-modeling/, diases pada tanggal 1 Oktober 2020.
[12] Subbulakshmi, T., Balakrishnan, K., Shalinie, S. M., Anandkumar, D., Ganapathisubramanian, V., dan Kannathal, K., 2011, Detection of DDoS attacks using Enhanced Support Vector Machines with real time generated dataset, 3rd Int. Conf. Adv. Comput. ICoAC 2011, hal 17–22.
[13] Prasad, K. M., Reddy, A. R. M., and Rao, K. V., 2014, DoS and DDoS Attacks: Defense, Detection and TracebackMechanisms -A Survey, Glob. J. Comput. Sci. Technol., vol. 14, no. 7.
[14] Brown, C., Cowperthwaite, A., Hijazi, A., dan Somayaji, A., 2009, Analysis of the 1999 DARPA/Lincoln Laboratory IDS Evaluation Data with NetADHICT, IEEE Symp. Comput. Intell. Secur. Def. Appl. CISDA 2009, no. Cisda.
[15] Singh, K. J., dan De, T., 2015, An approach of ddos attack detection using classifiers, Emerging Research in Computing, Information, Communication and Applications.
[16] Yu, S., Zhou, W., Jia, W., Guo, S., Xiang, Y., dan Tang, F., 2012, Discriminating DDoS attacks from flash crowds using flow correlation coefficient, IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 6, hal 1073–1080.
[17] Sharafaldin, I., Lashkari, A. H., Hakak, S., dan Ghorbani, A. A., 2019, Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy, Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2019-Octob.
[18] Sun, Y., Wong, A. K. C., dan Kamel, M. S. , 2009, Classification of imbalanced data: A review, Int. J. Pattern Recognit. Artif. Intell., vol. 23, no. 4, hal 687–719.
[19] Sethi, K., Sai Rupesh, E., Kumar, R., Bera, P., dan Venu Madhav, Y., 2020, A context-aware robust intrusion detection system: a reinforcement learning-based approach,” Int. J. Inf. Secur., vol. 19, no. 6, hal 657–678.
[20] Lin, E., Chen, Q. dan Qi, X., 2020, Deep reinforcement learning for imbalanced classification, Appl. Intell.