Table 4.

The recent DL-based DDoS attacks detection studies, their methods, datasets, and classes of attacks used

Taxonomy	References	Date of publication	Approach used	Dataset used	Classes of attacks in the studies
Supervised Instance Learning	Hasan et al. (2018)	2018	Deep CNN	Optical Burst Switching (OBS) Network dataset	–
	Amma and Subramanian (2019)	2019	CNN	NSL KDD	DoS
	Chen et al. (2019)	2019	Multichannel CNN	KDDCUP99 and CICIDS2017	KDDCUP99: Normal, DoS, R2L, U2R, Probe. CICIDS2017: DoS/DDoS: Hulk, Heartbleed, slowloris, Slowhttptest, GoldenEye
	Shaaban et al. (2019)	2019	CNN model	1. Captured from simulated MCC network by Wireshark 2. NSL-KDD	Dataset 1: TCP and HTTP Flood DDoS Attack. NSL-KDD: DoS, Probe, R2L, U2R
	Sabeel et al. (2019)	2019	DNN, LSTM	CICIDS2017 and ANTS2019	CICIDS2017: Benign, DoS GoldenEye, DoS Slowloris, DoS Hulk, DoS Slowhttptest, DDoS. ANTS2019: DDoS attack and Benign
	Virupakshar et al. (2020)	2020	DT, KNN, NB, and DNN	KDDCUP, LAN, and Cloud	KDDCUP99: Normal, DoS, R2L, U2R, Probe. Cloud: ICMP flooding, TCP flooding, and HTTP flooding
	Haider et al. (2020)	2020	Ensemble RNN, LSTM, CNN, and Hybrid RL	CICIDS2017	Slowloris, Slowhttptest, Hulk, GoldenEye, Heartbleed, and DDoS
	Wang and Liu (2020)	2020	Information entropy and CNN	CICIDS2017	Benign, BForce, SFTP and SSH, slowloris, Slowhttptest, Heartbleed, Web BForce, Hulk, GoldenEye, XSS and SQL Inject, Infiltration Dropbox Download, Botnet ARES, Cool disk, DDoS LOIT, PortScans
	Kim et al. (2020)	2020	CNN	KDDCUP99 and CSE-CIC-IDS 2018	KDDCUP99: Benign, Neptune and Smurf Attack. CSE-CIC-IDS 2018: Benign, DoS-SlowHTTPTest, DoS-Hulk Attack, DoS-GoldenEye, DoS-Slowloris, DDoS-HOIC, DDoS-LOIC-HTTP
	Doriguzzi-Corin et al. (2020)	2020	CNN	ISCX2012, CIC2017, and CSECIC2018	ISCX2012: DDoS attack based on an IRC botnet. CIC2017: HTTP DDoS generated with LOIC. CSECIC2018: HTTP DDoS generated with HOIC
	Asad et al. (2020)	2020	DNN	CICIDS2017	Benign, DoS Slowloris, DoS Hulk, DoS SlowHTTPTest and DoS GoldenEye
	Muraleedharan and Janet (2020)	2020	DNN	CICIDS2017	Benign, Slowloris, SlowHTTP, Hulk, GoldenEye
	Sbai and El Boukhari (2020)	2020	DNN	CICDDoS2019	Data flooding or UDP flooding attack
	de Assis et al. (2020)	2020	CNN	Simulated SDN data and CICDDoS 2019	SDN dataset: DDoS attack. CICDDoS2019: Twelve DDoS attacks on the training day and seven attacks during the testing day
	Hussain et al. (2020)	2020	CNN model i.e., ResNet	CICDDoS2019	Syn, TFTP, DNS, LDAP, UDP Lag, MSSQL, NetBIOS, SNMP, SSDP, NTP, UDP, and Normal traffic
	Amaizu et al. (2021)	2021	DNN	CICDDoS2019	UDP LAG, SYN, DNS, MSSQL, NTP, SSDP, TFTP, NetBIOS, LDAP, UDP and Benign
	Cil et al. (2021)	2021	DNN	CICDDoS2019	Twelve DDoS attacks on the training day and seven attacks during the testing day
Supervised Sequence Learning	Li et al. (2018)	2018	LSTM, CNN/LSTM, GRU, 3LSTM	ISCX2012 dataset and Generated DDoS attacks	Generated DDoS attacks : ARP flood inundation attack, Smurf attack, SYN flood inundation attack, Ping of Death attack, and UDP flood inundation attack. ISCX2012: HTTP Denial of Service and Distributed Denial of Service using an IRC Botnet
	Priyadarshini and Barik (2019)	2019	LSTM	CTU-13 Botnet, ISCX 2012 and, some real DDoS attacks	ISCX2012: Infiltrating the network from the inside, DDoS using an IRC botnet, HTTP DoS, SSH brute force. CTU-13: IRC, Port Scan, FastFlux, spam, ClickFraud, US. Some real DDoS attacks are: TCP, UDP and ICMP
	Liang and Znati (2019)	2019	LSTM	CICIDS2017	Slowloris, Hulk, Slowhttptest, GoldenEye and LOIC
	Shurman et al. (2020)	2020	Hybrid IDS and LSTM	Reflection-based CICDDoS2019	MSSQL, SSDP, CharGen, LDAP, NTP, TFTP, DNS, SNMP, NETBIOS, and PORTMAP
	Assis et al. (2021)	2021	GRU	CICDDoS2019 and CICIDS2018	CICDDoS2019: Twelve DDoS attacks on the training day and seven attacks during the testing day. CICIDS2018: Infiltration of the network from inside, HTTP denial of service, Collection of web application attacks, Brute force attacks, Last updated attacks
Semi-supervised instance learning	Catak and Mustacoglu (2019)	2019	AE and a deep ANN	UNSWNB15 and KDDCUP99	UNSWNB15 dataset: Normal, Analysis, Fuzzers, Backdoors, Exploits, DoS, Reconnaissance, Shellcode and Worm. KDDCUP99: neptune, Smurf, Teardrop
	Ali and Li (2019)	2019	Deep AE and MKL	ISCXIDS2012 and UNSWNB15	ISCXIDS2012: Normal Activity. UNSWNB15: Fuzzers, Backdoors, Analysis, DoS, Exploits, Generic, Shellcode, Reconnaissance and Worms
	Yang et al. (2020)	2020	AE	Synthetic Dataset, UNB2017 and MAWI	Synthetic dataset: Excessive get post-attack, Recursive get attack, SlowLoris attack, and Slow post-attack. UNB2017: Slow HTTP attack, Hulk attack, Slowloris attack, and Golden eye. MAWI: Normal samples
	Kasim (2020)	2020	AE-SVM	CICIDS2017, NSL-KDD and 6957 data set of DDoS attacks	CIC-IDS2017: Slowloris, Slowhttptest, Hulk, GoldenEye, DDoS LOIT. NSL-KDD : Back, Land, Pod, Smurf, Neptune, Teardrop, Processtable, Udpstorm, Apache2, Mailbomb, Worm. 6957 data set of DDoS attacks
	Bhardwaj et al. (2020)	2020	AE with DNN	NSL-KDD and CICIDS2017	NSL-KDD: Back, Land, Teardrop, Mailbomb, Processtable, Udpstorm, Neptune, Pod, Smurf, Apache2, and Worm. CICIDS2017: Slowloris, Hulk, Slowhttptest, GoldenEye, DDoS LOIT
	Premkumar and Sundararajan (2020)	2020	RBF	Generated dataset	Data Flooding, Jamming, Exhaustion, Sinkhole, Eavesdropping and Packet dropping attack
Hybrid Learning	Roopak et al. (2019)	2019	MLP, CNN, LSTM, and hybrid CNN $+$ LSTM	CICIDS2017	Slowloris, Slowhttptest, Hulk, GoldenEye, DDoS LOIT
	Li and Lu (2019)	2019	LSTM and Bayes	ISCX2012	HTTP Denial of Service and Normal Activity
	Roopak et al. (2020)	2020	CNN with LSTM	CICIDS2017	DDoS
	Elsayed et al. (2020)	2020	RNN-AE	CICDDoS2019	Twelve DDoS attacks on the training day and seven attacks during the testing day
	Nugraha and Murthy (2020)	2020	CNN-LSTM	Synthetically generated	Slow DDoS attack: HTTP flows. Benign traffic: UDP and HTTP flows
Transfer learning	He et al. (2020)	2020	6LANN, 7LANN, 8LANN, 9LANN	–	SYN-type, and LDAP-type DDoS attacks