Adaptive DDoS detection mode in software-defined SIP-VoIP using transfer learning with boosted meta-learner

The Internet has continued to provision its infrastructure as a platform for competitive marketing, enhanced productivity, and monetization efficacy. However, it has become a means for adversaries to exploit unsuspecting users and, in turn, compromise network resources. The utilization of filters, gateways, firewalls, and intrusion detection systems has only minimized the effects of adversaries. Thus, with the constant evolution of exploitation and penetrative techniques in network security, security experts are required to also evolve their mitigation and defensive measures by using advanced tools such as machine learning approach(es) poised to help detect and stop as close to its source, any attack or threat. This will help to quickly identify malicious packets and prevent resource exploits and service disruption. To curb these, studies have sought to minimize the effects of these attacks via advanced machine learning (ML) inspired tools. Traditional ML performance is often degraded due to: (a) its simplistic design that is unsuitable to handle categorical datasets effectively, and (b) its adoption of hill-climbing mode that yields solution(s) that are stuck at local maxima. To avoid such pitfalls, we use deep learning (DL) schemes based on recurrent networks. They present the demerits of the vanishing gradient problem and require longer training time. To curb the challenges of ML and DL, we propose a transfer learning scheme with 3-base (BiGRU, BiLSTM, and Random Forest) classifiers and XGBoost meta-learner to aid effective identification of DDoS. The ensemble yields Accuracy and F1 of 1.000 to effectively classify 314,102-DDoS-cases during its evaluation. The proposed ensemble demonstrates that it can efficiently identify malicious packets for DDoS attacks in network transactions.