A Deep CNN Ensemble Framework for Efficient DDoS Attack



Nowadays, ICT (information and communication technology) solutions play an integral role in our personal, professional, and economic life. The development of technology has an immediate impact on a nation’s economy. Data systems are more susceptible to a broad variety of cyber assaults and breaches as technology improves. Additionally, there are new security concerns that arise with each new ICT solution. The United States Cyber Command has evolved into a fully operational combatant command in light of the recent recognition of cyberspace as the fifth theater of war. These are two further indicators of the significance of cyber security. An all-encompassing strategy to safeguard the ever-evolving digital environment is required to maintain the integrity of creative works and put an end to aggressive cyber warfare. Provides a low-cost, scalable, and adaptable answer to several cyber security issues In his role as associate editor, Guangjie Han was responsible for vetting the story before it went to press. During this era of rapid digitalization, cyber security researchers and specialists have been working hard to ensure the safety and security of the Internet. DDoS assaults are becoming sophisticated and widespread, making them a major problem for modern enterprises. In order to rapidly and correctly identify DDoS assaults in SDNs, the authors of this piece propose a deep CNN architecture. Additionally, a technique is being developed to detect Flow-based DDoS assaults using a deep CNN ensemble. Similar state-of-the-art concatenations of DL-based ensembles and hybrid algorithms (such RNN, LSTM, and RL) are employed for verification.


In order to launch a distributed denial of service assault, attackers often use a large number of dump terminals, computers, and botnets all at once. This consumes the primary resources of the system and causes the cessation of all services. DDoS assaults, both small and large, may be carried out in a variety of legitimate and efficient methods. The perpetrators of a recent distributed denial-of-service assault employed legitimate Memcached technology. Displays the recommended ensembles, including both pure and hybrid ensembles, whose primary objective is to lessen demands on the network’s underlying resources. Answers were delivered to the intended addresses at a rate of 126.9 million packets per second, thanks to the attacker’s use of Memcached objects and IP address spoofing. This depleted the victim’s energy and time significantly. Since DDoS attacks often employ spoofed IP addresses, they are difficult to trace. This makes detecting, preventing, and avoiding DDoS assaults difficult and time-consuming. Strong, creative methods of detection, defenses that may halt or slow down, and mitigation strategies can all be used to swiftly locate complicated DDoS assaults.


The most significant contributions of this study are as follows:

1) A cutting-edge system that employs deep learning to detect SDN DDoS assaults This system employs novel ensemble CNN models for improved flow-based data identification.

2) Use the state-of-the-art CICIDS 2017 flow-based dataset in your analysis of the proposed system.

3) A look at how the suggested solution stacks up against state-of-the-art deep ensembles and hybrid DDoS attack detection systems in SDNs. Ensemble architecture based on the suggested SDN controller must be scalable and cost-effective (i.e., control plane).

4) When compared to benchmark approaches, the recommended ensemble achieves greater detection accuracy (99.45%) at a lower processing cost.


The three components of the SDN architecture are the application plane, the control plane, and the data plane. The SDN controller, which is in charge of centralized intelligence management, operates on the control plane. The architecture is compatible with a number of commercial SDN controllers, including Floodlight, ONOS, and others. We also used two additional, more current, and state-of-the-art datasets related to this issue.

The purpose of using StandardScaler is to ensure that all columns, variables, and features in a study have the same mean and standard deviation (Std). Algorithms used in machine learning benefit greatly from standardization since it allows for the minimization of the impacts of various units. The data was gathered from the ISCX 2017 DDoS dataset, which could distinguish between malicious and benign connections. For example, in ensemble RNN, LSTM, and hybrid RL, each model (M1 or M2) employs 256, 128, 64, or 32 neurons, each of which is completely linked to four other neurons. Every DL-Model uses a sigmoid AF for its output layer and a relu AF for its hidden layer.

This is quite similar to the approach used by Ensemble CNN. When using an ensemble CNN, a single CNN model will include three or two-dimensional convolutional layers with filtering at 128, 64, and 64.


Measures such as detection accuracy, precision, recall, and f-measure, as well as training and testing times, memory requirements, and model sizes for each of the recommended deep learning models, are considered. Deep learning algorithms have excelled when using both an ensemble and a hybrid approach. Figure 1 compares the accuracy, recall, and F1-measure of the suggested methods. When it comes to accurately forecasting values or setting new benchmarks, Ensemble CNN is your best bet.

FIGURE 1. Comparison of ensemble deep learning models using standard metrics

The adoption of hybrid approaches has increased the precision of nanomomals to 98.75%. In comparison to RNN ensembles, LSTM ensembles, RL ensembles, and hybrid RL ensembles, our recommended CNN ensemble has a detection accuracy of 99.45 percent. Comparing our suggested CNN ensemble solution to various methods of detecting DDoS assaults is shown in Table 1. The approach is effective at discovery, but it generates too many false positives to be helpful for detecting attacks on a network.

TABLE 1. Comparison of the proposed network-based intrusion detection system (NIDS) with current state-of-the-art


Innovative studies and cyber security solutions are essential for the total safety of the new digital era. For detecting even the most sophisticated DDoS assaults in SDNs, we proposed a deep CNN ensemble architecture. The efficiency and scalability of this design make it a good choice. We evaluated the proposed architecture on a flow-based SDN dataset using state-of-the-art hybrid approaches and benchmark deep learning ensembles. In contrast to conventional wisdom, the proposed method actually makes it more difficult to deduce the necessary steps and more straightforward to locate the desired result. We propose a suite of deep learning ensemble-based detection and prevention strategies for scaling decentralized, large-scale networks.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top