Explainable AI-Based DDoS Attacks Classification Using Deep Transfer Learning

In the era of the Internet of Things (IoT), the proliferation of connected devices has raised security concerns, increasing the risk of intrusions into diverse systems. Despite the convenience and efficiency offered by IoT technology, the growing number of IoT devices escalates the likelihood of attacks, emphasizing the need for robust security tools to automatically detect and explain threats. This paper introduces a deep learning methodology for detecting and classifying distributed denial of service (DDoS) attacks, addressing a significant security concern within IoT environments. An effective procedure of deep transfer learning is applied to utilize deep learning backbones, which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity. By leveraging several deep architectures, the study conducts thorough binary and multiclass experiments, each varying in the complexity of classifying attack types and demonstrating real-world scenarios. Additionally, this study employs an explainable artificial intelligence (XAI) AI technique to elucidate the contribution of extracted features in the process of attack detection. The experimental results demonstrate the effectiveness of the proposed method, achieving a recall of 99.39% by the XAI bidirectional long short-term memory (XAI-BiLSTM) model.