Seeing the invisible: Detection of stealth DoS attacks using variational U-Net-like models

Cambiaso E.;Folino F.;Guarascio M.;Rullo A.
2026

Abstract

The increasing sophistication of cyberattacks targeting companies and organizations continues to challenge the effectiveness of modern defense systems. Among these threats, slow Denial-of-Service (slow DoS) attacks are particularly difficult to detect, as they rely on evasion strategies that add significant complexity to cybersecurity efforts. Modern intrusion detection systems, especially those based on deep learning, have become essential tools in combating such attacks. However, their performance is often hindered by challenges such as limited data availability, noisy inputs, and the presence of out-of-distribution samples. Furthermore, their dependence on large labeled datasets makes detecting subtle or rare attack patterns particularly challenging. To overcome these limitations, this work proposes a novel unsupervised deep learning framework for detecting slow DoS attacks. The proposed approach incorporates a customized preprocessing pipeline to improve input data quality and leverages a sparse variational U-Net-like architecture for robust anomaly identification. Extensive experiments conducted on three real-world datasets demonstrate the ability of the framework to accurately and efficiently detect slow DoS attacks, highlighting its robustness, generalizability, and practical suitability for deployment in operational environments.
Istituto di Calcolo e Reti ad Alte Prestazioni - ICAR
Deep learning
Intrusion detection system
Slow DoS attack
Cyber threat detection
Variational autoencoder
Files in this record:
JISA_2025.pdf (authorized users only)
Type: Publisher's version (PDF)
License: Creative Commons
Size: 9.07 MB
Format: Adobe PDF

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/571402