MAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection

Cyberattacks against businesses have significantly increased in recent years, causing significant financial losses as well as privacy violations. Because of their harmful consequences on network infrastructure, including the depletion of computational resources and the saturation of communication channels, Distributed Denial of Service (DDoS) attacks stand out among these threats. In order to protect big networks, it is now essential to create effective ways to identify and stop DDoS attacks. However, using supervised learning models in DDoS attacks detection seems to be no longer appropriate, taking in consideration the fast growth of DDoS attacks in style and frequency. It is advised to use online semi-supervised learning models for identifying misbehaving flows and probable DDoS attacks by extending knowledge of labeled flows across unlabeled flows using graph-based learning models. Graph Neural Networks (GNNs), a subset of Neural Networks, excel in processing graph-structured data, offering promising avenues for innovation in this domain. This paper proposes an efficient GNN-based approach to detect DDoS attacks when flows are partially labeled. It involves a sequential application of multiple GNN layers to compute flow embeddings, capturing relevant information about the hosts involved in forwarding network traffic. These flow embeddings serve as inputs to a binary classifier, which predicts the likely label of each flow. Experimental results demonstrate the effectiveness of the proposed approach, showcasing notable improvements in key performance metrics such as accuracy, precision, and F1-Score.