DDoSLSTM: Detection of Distributed Denial of Service Attacks on IoT Devices using LSTM Model Vimal Gaur Research Scholar, MMEC, Maharishi Markandeshwar Deemed to be University, Mullana (Ambala)- Haryana and Reader, CSE Department Maharaja Surajmal Institute of Technology (GGSIPU) New Delhi, India ORCID ID: 0000-0003-4097-1859 vimalgaur@msit.in Rajneesh Kumar Professor, Department of CSE, MMEC, Maharishi Markandeshwar (Deemed to be University), Mullana, Ambala - 133 207) ORCID ID: 0000-0002-8139- 3533 drrajneeshgujral@mmumullana.org Abstract: Distributed Denial of Service (DDoS) attack is a persistent complication in the network's security. These attacks have been detected by many machine learning algorithms and feature selection methods. This paper chose the Recurrent Neural Network based long short-term memory model that works on time series data and handles long time-dependent inputs, thereby detecting DDoS attacks. In our paper, we focused primarily on increasing the classification performance of the LSTM model. Multi-layer LSTM model has been used for binary and multiclass data and maximum accuracy attained is 99.46% (1- Layer LSTM with Binary data) followed by 99.16% for 2- Layer LSTM with Multiclass Grouped data. The proposed DDoSLSTM model outperforms other state- of-the-art techniques, including deep neural network (DNN), RNN, CNN, Transformers. Keywords: CICDDoS2019, DDoS, LSTM, Multiclass, RNN. I. INTRODUCTION Network traffic becomes more complicated and inconsistent, and DDoS attacks are expanding. DDoS attacks are one of the most devastating attacks. These attacks generate vague packets and disrupt the working of the target system by overwhelming it with a series of packets. Researchers proposed many machine learning classifiers for detecting DDoS attacks. Author [1] suggested the use of machine learning algorithms (RF, DT, XGBoost, SNN, DNN) for detecting attacks at an early stage. Further, they selected top features using different feature selection algorithms (Chi-Square, Extra Tree and ANOVA) and achieved 98.34% accuracy when XGBoost is coupled with ANOVA. According to our survey, deep learning algorithms characterize attacks automatically. DDoSTC is a hybrid neural network that combines transformers and a CNN to detect DDoS attacks on SDN [2]. Transformers are used for the classification of encrypted data. Authors in [3] calculated the area under curve value as 96.22% for the LSTM-FUZZY model on the CICDDoS2019 dataset. CyDDoS is another model proposed which implements DT, RF, GBoost, XGBoost, LightGBM, CatBoost and found maximum accuracy of 99.60% [4]. DDoSNet Model used RNN with autoencoder and found 99% accuracy for detecting reflection and exploitation attacks [5]. DeepSecure model enables detection and prediction of attacks [6]. It yields 99.70% as detection accuracy and 98.79% as prediction accuracy. DLSDN is a deep learning methodology for SDN networks and utilized stacked autoencoder Multi-layer Perceptron [7]. This gives an accuracy of 99.75%. Khemtech [8] proposed a hybrid method of DNN and LSTM for the partial dataset and achieved a 99.90% accuracy value. A new technique is proposed to improve the performance deterioration of deep learning techniques. This technique works explicitly on tiny samples of DDoS data [9]. A transferability metric has been designed to select the best network amongst the four networks in their work. The performance of the model drops initially on conducting a series of iterations performed using deep learning algorithms; later, it improves by 20.8%. A CNN based model is proposed to detect DDoS attacks [10]. In this work, CNN efficiently detects DDoS attacks by efficiently converting the network traffic dataset into image form. This methodology achieves an accuracy of 99.99 % with the binary classification of data. 978-1-6654-7995-0/22/$31.00 ©2022 IEEE 2022 International Conference on Communication, Computing and Internet of Things (IC3IoT) | 978-1-6654-7995-0/22/$31.00 ©2022 IEEE | DOI: 10.1109/IC3IOT53935.2022.9767889 Authorized licensed use limited to: IEL - Sales. Downloaded on June 17,2022 at 06:51:02 UTC from IEEE Xplore. Restrictions apply.