Robustness on deep learning based DDoS detection: an adversarial study

Hui SHAO , Jianjun LI , Wei RUAN , Jing LAI

Front. Comput. Sci. ›› 2026, Vol. 20 ›› Issue (8) : 2008817

PDF (6568KB)
Front. Comput. Sci. ›› 2026, Vol. 20 ›› Issue (8) :2008817 DOI: 10.1007/s11704-026-51877-4
Information Security
RESEARCH ARTICLE
Robustness on deep learning based DDoS detection: an adversarial study
Author information +
History +
PDF (6568KB)

Abstract

Deep learning is increasingly applied in detecting DDoS attacks while potentially bringing new security risks. In this paper, we propose a novel adversarial approach against deep learning based DDoS detection systems, and also explore its defense methods. The purpose of this adversarial approach is to reduce the detection accuracy of deep learning based detection systems by deceiving their built-in deep learning based detection models with adversarial theories. It first stealthily collects relevant network data from its directly-connected network device of a target detection system, and thus it could obtain DDoS flow samples and normal flow samples by deliberately launching DDoS or not, respectively. Critical features to detect DDoS could be selected after observing the reactions from the target detection system. Then, a local estimation model is established to approximate the real built-in detection model. Owing to the established estimation model, adversarial samples against the real detection model could be generated by an adversarial sample generation method based on local saliency function. At last, according to the generated adversarial samples, each adversarial DDoS attack flow is forge by a traffic generator and directed to the target system. To prevent this attack approach, we also explore its defense method. Further, we conduct and evaluate the proposed adversarial approach and its defense method based on a real-world network topology and dataset. The experimental results indicate that this approach is capable of degrading the detection accuracy significantly and the defense method is effective by using detection accuracy.

Graphical abstract

Keywords

DDoS attack detection / adversarial attack / deep learning

Cite this article

Download citation ▾
Hui SHAO, Jianjun LI, Wei RUAN, Jing LAI. Robustness on deep learning based DDoS detection: an adversarial study. Front. Comput. Sci., 2026, 20(8): 2008817 DOI:10.1007/s11704-026-51877-4

登录浏览全文

4963

注册一个新账户 忘记密码

References

Publishing order | Descend order by publishing year | Descend order by cited within
[1]

Ahalawat A, Babu K S, Turuk A K, Patel S . A low-rate DDoS detection and mitigation for SDN using Renyi entropy with packet drop. Journal of Information Security and Applications, 2022, 68: 103212
[2]

Aladaileh M A, Anbar M, Hasbullah I H, Chong Y W, Sanjalawe Y K . Detection techniques of distributed denial of service attacks on software-defined networking controller–a review. IEEE Access, 2020, 8: 143985–143995
[3]

Doriguzzi-Corin R, Millar S, Scott-Hayward S, Martínez-Del-Rincón J, Siracusa , D . Lucid: a practical, lightweight deep learning solution for DDoS attack detection. IEEE Transactions on Network and Service Management, 2020, 17( 2): 876–889
[4]

Kumar G, Alqahtani H . Machine learning techniques for intrusion detection systems in SDN-recent advances, challenges and future directions. CMES - Computer Modeling in Engineering and Sciences, 2022, 134( 1): 89–119
[5]

Ashiku L, Dagli C . Network intrusion detection system using deep learning. Procedia Computer Science, 2021, 185: 239–247
[6]

Mutembei L L, Senekane M C, Van Zyl T. Deep learning-based network intrusion detection systems: a systematic literature review. In: Proceedings of the 5th Southern African Conference on Artificial Intelligence Research. 2024, 207–234
[7]

Abdallah E E, Eleisah W, Otoom A F . Intrusion detection systems using supervised machine learning techniques: a survey. Procedia Computer Science, 2022, 201: 205–212
[8]

Du J, Yang K, Hu Y, Jiang L . NIDS-CNNLSTM: network intrusion detection classification model based on deep learning. IEEE Access, 2023, 11: 24808–24821
[9]

Halbouni A H, Gunawan T S, Halbouni M, Assaig F A A, Effendi M R, Ismail N. CNN-IDS: convolutional neural network for network intrusion detection system. In: Proceeding of the 8th International Conference on Wireless and Telematics. 2022, 1–4
[10]

Ahmim A, Maazouzi F, Ahmim M, Namane S, Dhaou I B . Distributed denial of service attack detection for the internet of things using hybrid deep learning model. IEEE Access, 2023, 11: 119862–119875
[11]

Aktar S, Nur A Y . Towards DDoS attack detection using deep learning approach. Computers & Security, 2023, 129: 103251
[12]

Le H D, Park M . Enhancing multi-class attack detection in graph neural network through feature rearrangement. Electronics, 2024, 13( 12): 2404
[13]

Li Y, Li R, Zhou Z, Guo J, Yang W, Du M, Liu Q. GraphDDoS: effective DDoS attack detection using graph neural networks. In: Proceedings of the 25th IEEE International Conference on Computer Supported Cooperative Work in Design. 2022, 1275–1280
[14]

Bakar R A, De Marinis L, Cugini F, Paolucci F . FTG-Net-E: a hierarchical ensemble graph neural network for DDoS attack detection. Computer Networks, 2024, 250: 110508
[15]

Li J, Liu Y, Chen T, Xiao Z, Li Z, Wang J . Adversarial attacks and defenses on cyber–physical systems: a survey. IEEE Internet of Things Journal, 2020, 7( 6): 5103–5115
[16]

Abomakhelb A, Jalil K A, Buja A G, Alhammadi A, Alenezi A M . A comprehensive review of adversarial attacks and defense strategies in deep neural networks. Technologies, 2025, 13( 5): 202
[17]

Papernot N, McDaniel P, Jhay S, Fredriksonz M, Celik Z B, Swami , A . The limitations of deep learning in adversarial settings. In: Proceedings of the IEEE European Symposium on Security and Privacy. 2016, 372–387
[18]

Saini S, Chennamaneni A, Sawyerr B. A review of the duality of adversarial learning in network intrusion: attacks and countermeasures. 2024, arXiv preprint arXiv: 2412.13880
[19]

Venturi A, Stabili D, Marchetti M. Problem space structural adversarial attacks for network intrusion detection systems based on graph neural networks. 2024, arXiv preprint arXiv: 2403.11830
[20]

Ennaji S, De Gaspari F, Hitaj D, Kbidi A, Vincenzo Mancini L . Adversarial challenges in network intrusion detection systems: research insights and future prospects. IEEE Access, 2025, 13: 148613–148645
[21]

Xi H, Ru L, Tian J, Lu B, Hu S, Wang W. Adversarial attacks: key challenges for security defense in the age of intelligence. In: Proceedings of the 4th International Conference on Artificial Intelligence, Robotics, and Communication (ICAIRC). 2024, 41–46
[22]

Alshahrani E, Alghazzawi D, Alotaibi R, Rabie O . Adversarial attacks against supervised machine learning based network intrusion detection systems. PLoS One, 2022, 17( 10): e0275971
[23]

Liu T J . Adversarial attacks on network intrusion detection systems using flow containers. The Computer Journal, 2024, 67( 2): 728–745
[24]

Wu S, Liu J, Huang Y, Guan H, Zhang S . An audio watermarking algorithm based on adversarial perturbation. Applied Sciences, 2024, 14( 16): 6897
[25]

Zhao M, Zhang L, Ye J, Lu H, Yin B, Wang X. Adversarial training: a survey. 2024, arXiv preprint arXiv: 2410.15042
[26]

Heydari V, Nyarko K . Enhancing adversarial robustness in network intrusion detection: a novel adversarially trained neural network approach. Electronics, 2025, 14( 16): 3249
[27]

Hashemi M J, Keller E. Enhancing robustness against adversarial examples in network intrusion detection systems. In: Proceedings of the IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN). 2020, 37–43
[28]

Hore S, Ghadermazi J, Paudel D, Shah D, Das T, Bastian N . Deep PackGen: a deep reinforcement learning framework for adversarial network packet generation. ACM Transactions on Privacy and Security, 2025, 28( 2): 15
[29]

Chen X, Cui L, Wen H, Li Z, Zhu H, Hao Z, Sun L. MalAder: decision-based black-box attack against api sequence based malware detectors. In: Proceedings of the 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). 2023, 165–178
[30]

Yan H, Li X, Zhang W, Wang R, Li H, Zhao X, Li F, Lin X . Automatic evasion of machine learning-based network intrusion detection systems. IEEE Transactions on Dependable and Secure Computing, 2024, 21( 1): 153–167
[31]

Debenedetti E, Carlini N, Tramèr F. Evading black-box classifiers without breaking eggs. In: Proceedings of 2024 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML). 2024, 408–424
[32]

Chen X, Li C, Wang D, Wen S, Zhang J, Nepal S, Xiang Y, Ren K . Android HIV: a study of repackaging malware for evading machine-learning detection. IEEE Transactions on Information Forensics and Security, 2020, 15: 987–1001
[33]

Sinha P, Rai A K, Bhushan B. Information security threats and attacks with conceivable counteraction. In: Proceedings of the 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT). 2019, 1208–1213
[34]

Sermpezis P, Kotronis V, Gigis P, Dimitropoulos X, Cicalese D, King A, Dainotti A . ARTEMIS: neutralizing BGP hijacking within a minute. IEEE/ACM Transactions on Networking, 2018, 26( 6): 2471–2486
[35]

Haghighi A M, Mishev D P . Busy period of a single-server Poisson queueing system with splitting and batch delayed-feedback. International Journal of Mathematics in Operational Research, 2016, 8( 2): 239–257
[36]

Staniford-Chen S, Heberlein L T. Holding intruders accountable on the internet. In: Proceedings of 1995 IEEE Symposium on Security and Privacy. 1995, 39–49.
[37]

“Internet2’s network topology,” https://www.internet2.edu/media/medialibrary/2013/07/31/Internet2-NetworkInfrastructure-Topology.pdf
[38]

Sharafaldin I, Lashkari A H, Ghorbani A A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP). 2018, 108–116
[39]

Fras M, Mohorko J, Cucej Z. Packet size process modeling of measured self-similar network traffic with defragmentation method. In: Proceedings of the 15th International Conference on Systems, Signals and Image Processing. 2008, 253–256

RIGHTS & PERMISSIONS

Higher Education Press

PDF (6568KB)

Supplementary files

Highlights

511

Accesses

0

Citation

Detail
Sections
Recommended

/