Flow based Network Threat Detection using ANN and Socket in Real Time

Authors

  • Bishal Poudel Nepal College of Information Technology
  • Aishu Gyawali Nepal College of Information Technology
  • Roshan Chitrakar Nepal College of Information Technology

DOI:

https://doi.org/10.3126/jost.v4i2.78944

Keywords:

Network threat detection, DDoS attack, Long short-term memory, Socket, Real-time

Abstract

Cyber attacks are increasingly frequent and sophisticated, posing severe risks to both individuals and organizations worldwide. Traditional rule-based or signature-based intrusion detection systems have proven inefficient in keeping up with the evolving tactics of attackers, leaving networks vulnerable. Our research focuses on improving the detection of network threats, with a specific focus on Distributed Denial of Service (DDoS) attacks for testing, through advanced deep learning techniques. Specifically, we utilize a Long Short-Term Memory (LSTM) neural network to detect attacks by analyzing network traffic in real time. We begin by collecting a complete dataset consisting of normal traffic and network attack scenarios including DDoS attacks. This data is carefully preprocessed using normalization and feature extraction to ensure accuracy. The LSTM model was then designed, trained, and tested, while tuning its parameters for optimal performance. The model was evaluated using metrics such as accuracy, precision, recall, and the F1 score. In real-time scenarios with socket communication, it demonstrated a total average delay of 86.2678 seconds and a processing delay of just 0.1102 seconds, reflecting its performance and efficiency in deployment. The LSTM model demonstrated strong performance, detecting DDoS attacks with an accuracy of 99.897%. It effectively identified attacks, achieving a recall of 99.953% and a precision of 99.794%, resulting in an overall F1 score of 99.874%. In a practical scenario with Model 1, it detected 83.42% of DDoS attacks out of the total flow of 368. The LSTM’s ability to capture temporal dependencies in network traffic makes it superior for complex attack detection compared to traditional methods. This study demonstrates the effectiveness of LSTM in enhancing real-time network security and addresses the limitations of rule-based systems.

Published

2024-12-31

How to Cite

Poudel, B., Gyawali, A., & Chitrakar, R. (2024). Flow based Network Threat Detection using ANN and Socket in Real Time. Journal of Science and Technology, 4(2), 14–23. https://doi.org/10.3126/jost.v4i2.78944