Na Xing,Shuai Zhao,Yuehai Wang,Keqing Ning,Xiufeng Liu

DOI: https://doi.org/10.14569/ijacsa.2023.0140743

2023-01-01

Abstract:recent years, deep learning-based network intrusion detection systems (IDS) have shown impressive results in detecting attacks. However, most existing IDS can only recognize known attacks that were included in their training data. When faced with unknown attacks, these systems are often unable to take appropriate actions and incorrectly classify them into known categories, leading to reduced detection performance. Furthermore, as the number and types of network attacks continue to increase, it becomes challenging for these IDS to update their model parameters promptly and adapt to new attack scenarios. To address these issues, this paper introduces a dynamic intrusion detection system, Dynamic Unknown Attack Intrusion Detection System (DUA-IDS). This system aims to learn and detect unknown attacks effectively. DUA-IDS comprises three components: Feature Extractor: This component employs CNN and Transformer models to extract data features from various perspectives. Threshold-Based Classifier: The second part utilizes the nearest mean rule of samples to classify known and unknown attacks, enabling the distinction between them. Dynamic Learning Module: The third part incorporates data playback and knowledge distillation techniques to retain existing category knowledge while continuously learning new attack categories. To assess the effectiveness of DUA-IDS, this paper conducted experiments using the UNSW-NB15 public dataset. The experimental results show that DUA-IDS improves the classification accuracy of flow network data with unknown traffic attacks. Can accurately distinguish unknown traffic and correctly classify known traffic. When dynamically learning unknown traffic, the classification accuracy of previously learned known traffic is less affected. This indicates the advantages of DUA-IDS in detecting unknown attacks and learning new attack categories.

Hooman Alavizadeh,Hootan Alavizadeh,Julian Jang-Jaccard

DOI: https://doi.org/10.3390/computers11030041

2022-03-11

Computers

Abstract:The rise of the new generation of cyber threats demands more sophisticated and intelligent cyber defense solutions equipped with autonomous agents capable of learning to make decisions without the knowledge of human experts. Several reinforcement learning methods (e.g., Markov) for automated network intrusion tasks have been proposed in recent years. In this paper, we introduce a new generation of the network intrusion detection method, which combines a Q-learning based reinforcement learning with a deep feed forward neural network method for network intrusion detection. Our proposed Deep Q-Learning (DQL) model provides an ongoing auto-learning capability for a network environment that can detect different types of network intrusions using an automated trial-error approach and continuously enhance its detection capabilities. We provide the details of fine-tuning different hyperparameters involved in the DQL model for more effective self-learning. According to our extensive experimental results based on the NSL-KDD dataset, we confirm that the lower discount factor, which is set as 0.001 under 250 episodes of training, yields the best performance results. Our experimental results also show that our proposed DQL is highly effective in detecting different intrusion classes and outperforms other similar machine learning approaches.

Liu Zhiqiang,Lin Zhijun,Gong Ting,Shi Yucheng,Mohi-Ud-Din Ghulam

DOI: https://doi.org/10.1007/978-981-15-5859-7_24

2020-01-01

Abstract:Recently, the increasing number of machine learning algorithms has been used in network intrusion detection system (NIDS) to detect abnormal behaviors in the network. Many available datasets were created to evaluate the performance of the model, such as KDD CUP99 and NSL-KDD. However, with the increasing scale of data and the emergence of advanced attacks, conventional machine learning algorithms can hardly perform well. Fortunately, the development of deep learning provides new direction for solving these problems. In this paper, in order to detect novel attacks in a network and improve detection efficiency, we proposed a flexible framework based on deep neural network (DNN). In our framework, we apply different feature reduction methods and activation functions to get the best performance. Moreover, through changing hyper-parameter of the model, we select better network structure. To evaluate our framework, we select ISCX 2012 and CICIDS 2017 as a benchmark and apply the proposed framework to these datasets. As a result, we observe high accuracy rate and low FAR for both binary and multi-class classifications. Overall, our proposed framework is universal and useful for detecting zero-day attacks.

Mohanad Sarhan,Siamak Layeghy,Marcus Gallagher,Marius Portmann

DOI: https://doi.org/10.1007/s10207-023-00676-0

2021-09-30

Abstract:The standard ML methodology assumes that the test samples are derived from a set of pre-observed classes used in the training phase. Where the model extracts and learns useful patterns to detect new data samples belonging to the same data classes. However, in certain applications such as Network Intrusion Detection Systems, it is challenging to obtain data samples for all attack classes that the model will most likely observe in production. ML-based NIDSs face new attack traffic known as zero-day attacks, that are not used in the training of the learning models due to their non-existence at the time. In this paper, a zero-shot learning methodology has been proposed to evaluate the ML model performance in the detection of zero-day attack scenarios. In the attribute learning stage, the ML models map the network data features to distinguish semantic attributes from known attack (seen) classes. In the inference stage, the models are evaluated in the detection of zero-day attack (unseen) classes by constructing the relationships between known attacks and zero-day attacks. A new metric is defined as Zero-day Detection Rate, which measures the effectiveness of the learning model in the inference stage. The results demonstrate that while the majority of the attack classes do not represent significant risks to organisations adopting an ML-based NIDS in a zero-day attack scenario. However, for certain attack groups identified in this paper, such systems are not effective in applying the learnt attributes of attack behaviour to detect them as malicious. Further Analysis was conducted using the Wasserstein Distance technique to measure how different such attacks are from other attack types used in the training of the ML model. The results demonstrate that sophisticated attacks with a low zero-day detection rate have a significantly distinct feature distribution compared to the other attack classes.

Machine Learning,Cryptography and Security,Networking and Internet Architecture

He Lu,Yanan Zhao,Yajing Song,Yang Yang,Guanjie He,Haiyang Yu,Yilong Ren

DOI: https://doi.org/10.1007/s10586-024-04376-9

2024-04-14

Cluster Computing

Abstract:Communication-based train control (CBTC) system is a typical cyber-physical system with open wireless communication that is vulnerable to attacks. To protect the security of wireless communication in the CBTC system, machine learning-based intrusion detection system (IDS) has been extensively researched. However, the performance of a machine learning-based IDS highly depends on feature design, and the spatial and temporal correlation of network data attributes makes it difficult to design features manually. Meanwhile, this type of IDS can only detect known attacks that are contained in the training dataset and fail to detect new attacks (i.e., zero-day attacks). To cope with the above issue, we propose a novel IDS based on transfer learning for the CBTC system. The proposed IDS leverages an optimized one-dimensional convolutional neural network block and long short-term memory to automatically extract spatial and temporal features from the original data. Furthermore, a knowledge transfer method is utilized to transfer the features to enable zero-day attack detection. We evaluate the proposed IDS on a dataset representing the CBTC system network data. The results show that the proposed IDS can achieve 99.32% accuracy for known attacks and 93.21% average F1-Score for zero-day attacks.

computer science, information systems, theory & methods

Ahmed Hasham Ibn E. Tariq,Moazan Basoud Ibn E. Tariq,Songfeng Lu

DOI: https://doi.org/10.1109/aiotc63215.2024.10748333

2024-01-01

Abstract:Zero-day exploits present significant risks to cybersecurity by exploiting unknown vulnerabilities, making their identification and mitigation a key problem. Conventional Intrusion Detection Systems (IDS) frequently depend on signature-based or anomaly-based methodologies, which are ineffective in identifying new and sophisticated incidents of assault. This paper provides a new hybrid AI-driven strategy to boost zeroday exploit detection by the combination of deep learning and ensemble learning approaches. We have taken the UNSW-NB15 dataset, a complete and diversified reference for network intrusion models, to train and analyze our model. The suggested system leverages a hybrid architecture integrating Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks to capture both spatial and sequential features of network traffic efficiently. To further increase detection accuracy and resilience, we add ensemble approaches by combining random forest, gradient boosting, and Support Vector Machine (SVM) classifiers through a weighted voting mechanism. Our ensemble model achieves a detection accuracy of 97.8%, outperforming standard anomaly-based (IDS), vision transformer (ViT) and bidirectional encoder representations from transformers (BERT) by a wide margin. The model also demonstrates a low false-positive rate of 0.022 and high detection rates across multiple types of attacks, including previously undiscovered zero-day flaws. Performance studies employing criteria like accuracy, recall, F1score, AUC-ROC, false-positive rate, and detection rate indicate the importance and reliability of our methodology.

Qianru Zhou,Rongzhen Li,Lei Xu,Hongyi Zhu,Wanli Liu

DOI: https://doi.org/10.36227/techrxiv.14837994

2021-01-01

Abstract:Detecting Zero-Day intrusions has been the goal of Cybersecurity, especially intrusion detection for a long time. Machine learning is believed to be the promising methodology to solve that problem, numerous models have been proposed but a practical solution is still yet to come, mainly due to the limitation caused by the out-of-date open datasets available. In this paper, we propose an approach for Zero-Day intrusion detection based on machine learning, using flow-based statistical data generated by CICFlowMeter as training dataset. The machine learning classification model used is selected from eight most popular classification models, based on their cross validation results, in terms of precision, recall, F1 value, area under curve (AUC) and time overhead. Finally, the proposed system is tested on the testing dataset. To evaluate the feasibility and efficiency of tested models, the testing datasets are designed to contain novel types of intrusions (intrusions have not been trained during the training process). The normal data in the datasets are generated from real life traffic flows generated from daily use. Promising results have been received with the accuracy as high as almost 100%, false positive rate as low as nearly 0%, and with a reasonable time overhead. We argue that with the proper selected flow based statistical data, certain machine learning models such as MLP classifier, Quadratic discriminant analysis, K-Neighbor classifier have satisfying performance in detecting Zero-Day attacks.

Lijun Zhang,Xingyu Lu,Zhaoqiang Chen,Tianwei Liu,Qun Chen,Zhanhuai Li

DOI: https://doi.org/10.1016/j.neucom.2022.04.061

IF: 6

2022-01-01

Neurocomputing

Abstract:With increasing connectedness, network intrusion has become a critical security concern for modern information systems. The state-of-the-art performance of Network Intrusion Detection (NID) has been achieved by deep learning. Unfortunately, NID remains very challenging, and deep models may still mislabel many activities in real networks. Therefore, there is a need for risk analysis, which aims to know which activities may be mislabeled and why.

Zhun Zhang,Qihe Liu,Shilin Qiu,Shijie Zhou,Cheng Zhang

DOI: https://doi.org/10.1109/access.2020.3033494

IF: 3.9

2020-01-01

IEEE Access

Abstract:In recent years, due to the frequent occurrence of network intrusions, more and more researchers have begun to focus on network intrusion detection. However, it is still a challenge to detect unknown attacks. Currently, there are two main methods of unknown attack detection: clustering and honeypot. But they still have unsolved problems such as difficulty in collecting unknown attack samples and failure to detect on time. Zero-Shot learning is proposed to deal with the problem in this article, which can recognize unknown attacks by learning the mapping relations between feature space and semantic space (such as attribute space). When the semantic descriptions of all attacks (including known and unknown attacks) are provided, the classifier built by Zero-Shot learning can extract common semantic information among all attacks and construct connections between known and unknown attacks. The classifier then utilizes the connections to classify unknown attacks although there are no samples for unknown attacks. In this article, we first propose to use Zero-Shot learning to overcome the challenge of unknown attack detection and illustrate the feasibility of this method. Secondly, we then propose a novel method of Zero-Shot learning based on sparse autoencoder for unknown attack detection. This method maps the feature of known attacks to the semantic space, and restores the semantic space to the feature space by constrains of reconstruction error, and establishes the feature to semantic mapping, which is used to detect unknown attacks. Verification tests have been carried out by using the public dataset NSL-KDD. From the experiments conducted in this work, the results show that the average accuracy reaches 88.3% which performs better than other methods.

Albert Pravin,T. Prem Jacob,R. Raja Kumar

DOI: https://doi.org/10.1080/03772063.2024.2351556

IF: 1.8768

2024-05-28

IETE Journal of Research

Abstract:In general, the attackers probably create security-related threats from diverse insecure applications. These attackers execute various nasty activities like establishing hidden rootkit processes, hindering host-based security systems, changing the characteristics of applications, etc. The attackers utilize compromised tenant virtual machines for producing attacks with minor changes to avoid accurate prediction. To deal with these shortcomings, we proposed an efficient novel Deep Q-learning network-based circle search (DQL-CS) algorithm to detect intrusion in a cloud environment. The dataset is pre-processed initially by employing the Term Frequency-Inverse Document Frequency (TF-IDF) approach, which sequentially organizes normal and intrusion traces, and then the collected feature sequences are extracted using n-gram sampling. This process makes the classifier enhance the detection and classification performance. Followed by the extraction process, the classification process is executed using the proposed Deep Q-learning network-based circle search (DQL-CS) algorithm. The proposed DQL-CS algorithm accurately identifies and categorizes the attacks as two different classes normal and malevolent. Then the applications generating the malicious behavior are examined by the cloud admin using an alert generation system and are isolated automatically. The developed intrusion detection system is evaluated using three different malware databases such as the UNM dataset, windows malware dataset, and KDD99 dataset as the input. The accuracy rate of the UNM dataset of the proposed DQL-CS method is higher than other conventional approaches.

telecommunications,engineering, electrical & electronic

Ying Zhong,Ziqi Gao,Rui Li,Citong Que,Xinjie Yang,Zhiliang Wang,Jiahai Yang,Xia Yin,Xingang Shi,Keqin Li

DOI: https://doi.org/10.1109/iscc53001.2021.9631496

2021-01-01

Abstract:With the increasing network security risks, network intrusion detection technology has become more important. At present, machine learning is applied in most advanced traffic anomaly detection algorithms, but these algorithms have three main shortcomings. First, algorithms using deep neural network are highly complex and not suitable for real-time online processing. Second, algorithms based on supervised learning require training on huge labeled data sets, which are limited and insufficient. Third, most algorithms have such poor generalization ability and portability that they are less suitable for real-world environments. Therefore, we propose a novel network anomaly detection model, STRAD. We use Word2vec and Damped Incremental Statistics algorithm for spatiotemporal features extraction, latent space compression (LSC) for feature vectors compression and an unsupervised one-class classifier for anomaly detection. Our evaluations show that STRAD has a better performance than other state of the art algorithms.

Mike Nkongolo,Mahmut Tokmak

DOI: https://doi.org/10.1007/978-3-031-39652-6_3

2023-06-10

Abstract:Technological advancements in various industries, such as network intelligence, vehicle networks, e-commerce, the Internet of Things (IoT), ubiquitous computing, and cloud-based applications, have led to an exponential increase in the volume of information flowing through critical systems. As a result, protecting critical infrastructures from intrusions and security threats have become a paramount concern in the field of intrusion detection systems (IDS). To address this concern, this research paper focuses on the importance of defending critical infrastructures against intrusions and security threats. It proposes a computational framework that incorporates feature selection through fuzzification. The effectiveness and performance of the proposed framework is evaluated using the NSL-KDD and UGRansome datasets in combination with selected machine learning (ML) models. The findings of the study highlight the effectiveness of fuzzy logic and the use of ensemble learning to enhance the performance of ML models. The research identifies Random Forest (RF) and Extreme Gradient Boosting (XGB) as the top performing algorithms to detect zero-day attacks. The results obtained from the implemented computational framework outperform previous methods documented in the IDS literature, reaffirming the significance of safeguarding critical infrastructures from intrusions and security threats.

Cryptography and Security,Networking and Internet Architecture

Zhen Dai,Lip Yee Por,Yen-Lin Chen,Jing Yang,Chin Soon Ku,Roohallah Alizadehsani,Paweł Pławiak

DOI: https://doi.org/10.1371/journal.pone.0308469

IF: 3.7

2024-09-11

PLoS ONE

Abstract:In an era marked by pervasive digital connectivity, cybersecurity concerns have escalated. The rapid evolution of technology has led to a spectrum of cyber threats, including sophisticated zero-day attacks. This research addresses the challenge of existing intrusion detection systems in identifying zero-day attacks using the CIC-MalMem-2022 dataset and autoencoders for anomaly detection. The trained autoencoder is integrated with XGBoost and Random Forest, resulting in the models XGBoost-AE and Random Forest-AE. The study demonstrates that incorporating an anomaly detector into traditional models significantly enhances performance. The Random Forest-AE model achieved 100% accuracy, precision, recall, F1 score, and Matthews Correlation Coefficient (MCC), outperforming the methods proposed by Balasubramanian et al., Khan, Mezina et al., Smith et al., and Dener et al. When tested on unseen data, the Random Forest-AE model achieved an accuracy of 99.9892%, precision of 100%, recall of 99.9803%, F1 score of 99.9901%, and MCC of 99.8313%. This research highlights the effectiveness of the proposed model in maintaining high accuracy even with previously unseen data.

Zhiqiang Liu,Mohi-Ud-Din Ghulam,Ye Zhu,Xuanlin Yan,Lifang Wang,Zejun Jiang,Jianchao Luo

DOI: https://doi.org/10.1007/978-981-15-0637-6_40

2019-01-01

Abstract:With the astonishing development of the Internet and its applications in the last decade, cyberattacks are changing quickly, and the necessity of protection for communication network has improved tremendously. As the primary defense, the intrusion detection system plays a crucial role in making sure the network security. Key to intrusion detection system is actually to determine a variety of attacks effectively as well as to adjust to a constantly changing threat scenario. DNN or Deep Neural Network on NSL-KDD dataset for effective detection of an attack. Firstly, the dataset was preprocessed and normalized and then fed to the DNN algorithm to create a model. For testing purpose, entire dataset of NSL-KDD was used. Finally, to analyze the accuracy and precision of the DNN model, we use accuracy and precision matrices. The proposed DNN-based strategy enhances network anomaly detection and opens new analysis gateway for intrusion detection systems.

Wenyan Liu,Fucai Chen,Hongchao Hu,Guozhen Cheng,Shumin Huo,Hao Liang

DOI: https://doi.org/10.1109/cyberc.2017.39

2017-10-01

Abstract:In cyberspace, unknown zero-day attacks can bring safety hazards. Traditional defense methods based on signatures are ineffective. Based on the Cyberspace Mimic Defense (CMD) architecture, the paper proposes a framework to detect the attacks and respond to them. Inputs are assigned to all online redundant heterogeneous functionally equivalent modules. Their independent outputs are compared and the outputs in the majority will be the final response. The abnormal outputs can be detected and so can the attack. The damaged executive modules with abnormal outputs will be replaced with new ones from the diverse executive module pool. By analyzing the abnormal outputs, the correspondence between inputs and abnormal outputs can be built and inputs leading to recurrent abnormal outputs will be written into the zero-day attack related database and their reuses cannot work any longer, as the suspicious malicious inputs can be detected and processed. Further responses include IP blacklisting and patching, etc. The framework also uses honeypot like executive module to confuse the attacker. The proposed method can prevent the recurrent attack based on the same exploit.

Wanrong Yang,Alberto Acuto,Yihang Zhou,Dominik Wojtczak

2024-09-25

Abstract:Cyber-attacks are becoming increasingly sophisticated and frequent, highlighting the importance of network intrusion detection systems. This paper explores the potential and challenges of using deep reinforcement learning (DRL) in network intrusion detection. It begins by introducing key DRL concepts and frameworks, such as deep Q-networks and actor-critic algorithms, and reviews recent research utilizing DRL for intrusion detection. The study evaluates challenges related to model training efficiency, detection of minority and unknown class attacks, feature selection, and handling unbalanced datasets. The performance of DRL models is comprehensively analyzed, showing that while DRL holds promise, many recent technologies remain underexplored. Some DRL models achieve state-of-the-art results on public datasets, occasionally outperforming traditional deep learning methods. The paper concludes with recommendations for enhancing DRL deployment and testing in real-world network scenarios, with a focus on Internet of Things intrusion detection. It discusses recent DRL architectures and suggests future policy functions for DRL-based intrusion detection. Finally, the paper proposes integrating DRL with generative methods to further improve performance, addressing current gaps and supporting more robust and adaptive network intrusion detection systems.

Cryptography and Security,Artificial Intelligence

Mahdi Soltani,Khashayar Khajavi,Mahdi Jafari Siavoshani,Amir Hossein Jahangir

2023-03-05

Abstract:The network security analyzers use intrusion detection systems (IDSes) to distinguish malicious traffic from benign ones. The deep learning-based IDSes are proposed to auto-extract high-level features and eliminate the time-consuming and costly signature extraction process. However, this new generation of IDSes still suffers from a number of challenges. One of the main issues of an IDS is facing traffic concept drift which manifests itself as new (i.e., zero-day) attacks, in addition to the changing behavior of benign users/applications. Furthermore, a practical DL-based IDS needs to be conformed to a distributed architecture to handle big data challenges. We propose a framework for adapting DL-based models to the changing attack/benign traffic behaviors, considering a more practical scenario (i.e., online adaptable IDSes). This framework employs continual deep anomaly detectors in addition to the federated learning approach to solve the above-mentioned challenges. Furthermore, the proposed framework implements sequential packet labeling for each flow, which provides an attack probability score for the flow by gradually observing each flow packet and updating its estimation. We evaluate the proposed framework by employing different deep models (including CNN-based and LSTM-based) over the CIC-IDS2017 and CSE-CIC-IDS2018 datasets. Through extensive evaluations and experiments, we show that the proposed distributed framework is well adapted to the traffic concept drift. More precisely, our results indicate that the CNN-based models are well suited for continually adapting to the traffic concept drift (i.e., achieving an average detection rate of above 95% while needing just 128 new flows for the updating phase), and the LSTM-based models are a good candidate for sequential packet labeling in practical online IDSes (i.e., detecting intrusions by just observing their first 15 packets).

Cryptography and Security,Networking and Internet Architecture

Zhulian Chen,Aiqin Hou,Chase Q. Wu,Xinji Qu,Yukun Wang,Le Ru

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys60770.2023.00040

2023-01-01

Abstract:Software-Defined Networking (SDN) is a promising technology for the future Internet. However, the SDN paradigm opens the door to new attack vectors that do not exist in traditional networks, such as flow table overflow attacks and flow rule injection attacks, which traditional intrusion detection systems are no longer sufficient to identify. To address this problem, we propose a new method that uses deep learning for attack detection in an SDN environment. In this method, we first utilize fisher score to remove insignificant features, then design a network model combining bi-directional long short-term memory network (BiLSTM) and gated convolutional neural network (GCNN) to capture the spatio-temporal features of network traffic, and finally use a fully connected layer to perform seven classifications of data. We choose focal loss as the loss function due to the imbalance of samples. The proposed model is evaluated based on the InSDN dataset, which is the latest IDS dataset developed specifically for SDN environments, and the CIC-IDS2017 dataset. The results show that the proposed model improves the performance for anomaly detection and achieves an accuracy of 99.80% and 98.85% on the InSDN and CIC-IDS2017 datasets, respectively. This level of detection accuracy provides great confidence in protecting SDN networks from anomalous traffic.

Liqun Yang,Jianqiang Li,Liang Yin,Zhonghao Sun,Yufei Zhao,Zhoujun Li

DOI: https://doi.org/10.1109/ACCESS.2020.3019973

IF: 3.9

2020-01-01

IEEE Access

Abstract:With the development of the wireless network techniques, the number of cyber-attack increases significantly, which has seriously threat the security of Wireless Local Area Network (WLAN). The traditional intrusion detection technology is a prevalent area of study for numerous years, but it may not have a good detection performance in a real-time way. Therefore, it is urgent to design a detection mechanism to detect the attacks timely. In this paper, we exploit a CDBN (Conditional Deep Belief Network)-based intrusion detection mechanism to recognize the attack features and perform the wireless network intrusion detection in real time. To avoid the impact of the imbalanced dataset and the data redundancy on the detection accuracy, a window-based instance selection algorithm "SamSelect" is adopted to undersample the majority class data samples, and a Stacked Contractive Auto-Encoder (SCAE) algorithm is proposed to reduce the dimension of the data samples. By doing so, our proposed mechanism can effectively detect the potential attack and achieve high accuracy. The experiment results show that CDBN can be effectively combined with "SamSelect" and SCAE, and the proposed mechanism has a high detection speed and accuracy, with the average detection time 1.14 ms and the detection accuracy 0.974.

S. Muthukumar,A.K. Ashfauk Ahamed

DOI: https://doi.org/10.3233/jhs-230142

2024-03-15

Journal of High Speed Networks

Abstract:The “Distributed Denial of Service (DDoS)” threats have become a tool for the hackers, cyber swindlers, and cyber terrorists. Despite the high amount of conventional mitigation mechanisms that are present nowadays, the DDoS threats continue to enhance in severity, volume, and frequency. The DDoS attack has highly affected the availability of the networks for the previous years and still, there is no efficient defense technique against it. Moreover, the new and complex DDoS attacks are increasing on a daily basis but the traditional DDoS attack detection techniques cannot react to these threats. On the other hand, the hackers are employing very innovative strategies to initiate the threats. But, the traditional methods can become effective and reliable when combined with the deep learning-aided approaches. To solve these certain issues, a framework detection mechanism for DDoS attacks utilizes an attention-aided deep learning methodology. The primary thing is the acquisition of data from standard data online sources. Further, from the garnered data, the significant features are drawn out from the “Deep Weighted Restricted Boltzmann Machine (RBM)” using a “Deep Belief Network (DBN)”, in which the parameters are tuned by employing the recommended Enhanced Gannet Optimization Algorithm (EGOA). This feature extraction operation increases the network performance rate and also diminishes the dimensionality issues. Lastly, the acquired features are transferred to the model of “Attention and Cascaded Recurrent Neural Network (RNN) with Residual Long Short Term Memory (LSTM) (ACRNN-RLSTM)” blocks for the DDoS threat detection purpose. This designed network precisely identifies the complex and new attacks, thus it increases the trustworthiness of the network. In the end, the performance of the approach is contrasted with other traditional algorithms. Hence, the simulation outcomes are obtained that prove the system’s efficiency. Also, the outcomes displayed that the designed system overcame the conventional threat detection techniques.