Deep transfer learning-based DDoS attack detection in 5G and beyond networks
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Network slicing is a crucial technology for enabling 5G and beyond mobile networks which support a wide range of new services such as Enhanced Mobile Broadband (eMBB), Ultra-Reliable and Low Latency Communications (URLLC), and Massive Machine-Type Communications (mMTC) on the same physical infrastructure. However, this technology also makes networks more vulnerable to cyber threats, especially Distributed Denial-of-Service (DDoS) attacks. These kinds of attacks can degrade service quality by overwhelming essential network functions necessary for the seamless operation of network slices. To address this issue, an Intrusion Detection System (IDS) is needed to protect against various DDoS attacks. A promising solution is the use of Deep Learning (DL) models to detect potential DDoS attacks, a method already proving effective in the field. However, DL models require large amounts of labeled data for effective training, which are often scarce in operational networks. To address this, Transfer Learning (TL) techniques can be used by transferring knowledge from previously trained models to a target domain with limited labeled data. In this thesis, Bidirectional Long Short-Term Memory (BiLSTM), Convolutional Neural Network (CNN), Residual Network (ResNet), and Inception are used as base models for Deep Transfer Learning (DTL) methods that look into how they can improve DDoS attack detection in 5G networks. A comprehensive dataset generated in our 5G network slicing testbed, which contains both benign and various DDoS attack traffic, serves as the source dataset for DTL. After learning features, patterns, and representations from the source dataset, the base models are fine-tuned using different TL processes on a target DDoS attack dataset. The 5G-NIDD (5G Network Intrusion Detection Dataset), which has limited annotated traffic from several DDoS attacks generated in a real 5G network, is chosen as the target dataset. The results indicate that the proposed DTL models improve the detection of various DDoS attacks in the 5G-NIDD dataset compared to models without TL. Specifically, the BiLSTM and Inception models are identified as the top performers. BiLSTM shows an improvement of 13.90%, 21.48%, and 12.22% in terms of accuracy, recall, and F1-score, respectively, while Inception demonstrates a 10.09% increase in precision compared to models not using TL.