Unknown DDoS Attack Detection with Sliced Iterative Normalizing Flows Technique  

作　　者：Chin-Shiuh Shieh Thanh-Lam Nguyen Thanh-Tuan Nguyen Mong-Fong Horng 

机构地区：[1]Department of Electronic Engineering,National Kaohsiung University of Science and Technology,Kaohsiung,807618,Taiwan [2]Department of Electronic and Automation Engineering,Nha Trang University,Nha Trang,650000,Vietnam

出　　处：《Computers, Materials & Continua》2025年第3期4881-4912,共32页计算机、材料和连续体(英文)

基　　金：supported by the National Science and Technology Council,Taiwan with grant numbers NSTC 112-2221-E-992-045,112-2221-E-992-057-MY3,and 112-2622-8-992-009-TD1.

摘　　要：DDoS attacks represent one of the most pervasive and evolving threats in cybersecurity,capable of crippling critical infrastructures and disrupting services globally.As networks continue to expand and threats become more sophisticated,there is an urgent need for Intrusion Detection Systems(IDS)capable of handling these challenges effectively.Traditional IDS models frequently have difficulties in detecting new or changing attack patterns since they heavily depend on existing characteristics.This paper presents a novel approach for detecting unknown Distributed Denial of Service(DDoS)attacks by integrating Sliced Iterative Normalizing Flows(SINF)into IDS.SINF utilizes the Sliced Wasserstein distance to repeatedly modify probability distributions,enabling better management of high-dimensional data when there are only a few samples available.The unique architecture of SINF ensures efficient density estimation and robust sample generation,enabling IDS to adapt dynamically to emerging threats without relying heavily on predefined signatures or extensive retraining.By incorporating Open-Set Recognition(OSR)techniques,this method improves the system’s ability to detect both known and unknown attacks while maintaining high detection performance.The experimental evaluation on CICIDS2017 and CICDDoS2019 datasets demonstrates that the proposed system achieves an accuracy of 99.85%for known attacks and an F1 score of 99.99%after incremental learning for unknown attacks.The results clearly demonstrate the system’s strong generalization capability across unseen attacks while maintaining the computational efficiency required for real-world deployment.

关 键 词：Distributed denial of service sliced iterative normalizing flows open-set recognition CYBERSECURITY deep learning 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]