Adaptive DDoS detection mode in software-defined SIP-VoIP using transfer learning with boosted meta-learner.

Authors

Yoro Rume Elizabeth, Okpor Margaret Dumebi, Akazue Maureen Ifeanyi, Okpako Ejaita Abugor, Eboka Andrew Okonji, Ejeh Patrick Ogholuwarami, Ojugo Arnold Adimabua, Odiakaose Chris Chukwufunaya, Binitie Amaka Patience, Ako Rita Erhovwo, Geteloma Victor Ochuko, Onoma Paul Avwerosuo, Max-Egba Asuobite ThankGod, Ibor Ayei Egu, Onyemenem Sunny Innocent, Ukwandu Elochukwu

Affiliations

Department of Cybersecurity, Dennis Osadebey University, Asaba, Delta State, Nigeria.

Department of Cybersecurity, Delta State University of Science and Technology Ozoro, Ozoro, Delta State, Nigeria.

Publication information

PLoS One. 2025 Jun 26;20(6):e0326571. doi: 10.1371/journal.pone.0326571. eCollection 2025.

Abstract

The Internet has continued to provision its infrastructure as a platform for competitive marketing, enhanced productivity, and monetization efficacy. However, it has also become a means for adversaries to exploit unsuspecting users and, in turn, compromise network resources. Filters, gateways, firewalls, and intrusion detection systems have only minimized the effects of adversaries. Thus, with the constant evolution of exploitation and penetration techniques in network security, security experts must also evolve their mitigation and defensive measures, using advanced tools such as machine learning approaches poised to help detect and stop any attack or threat as close to its source as possible. This will help to quickly identify malicious packets and prevent resource exploits and service disruption. To this end, studies have sought to minimize the effects of these attacks via advanced machine learning (ML) inspired tools. Traditional ML performance is often degraded due to: (a) its simplistic design, which is unsuitable for handling categorical datasets effectively, and (b) its adoption of a hill-climbing mode that yields solutions stuck at local maxima. To avoid such pitfalls, we use deep learning (DL) schemes based on recurrent networks. These have the demerits of the vanishing gradient problem and longer training time. To curb the challenges of ML and DL, we propose a transfer learning scheme with three base classifiers (BiGRU, BiLSTM, and Random Forest) and an XGBoost meta-learner to aid effective identification of DDoS. During its evaluation, the ensemble yields an Accuracy and F1 of 1.000, effectively classifying 314,102 DDoS cases. The proposed ensemble demonstrates that it can efficiently identify malicious packets for DDoS attacks in network transactions.
