Graduate student: 曾鼎棊 (Tseng, Ding-Chi)
Thesis title: 結合雙向Transformer的流量特徵文本化DDoS攻擊偵測
Flow Feature Textualization with Deep Bidirectional Transformer for DDoS Detection
Advisor: 張燕光 (Chang, Yeim-Kuan)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2025
Academic year of graduation: 113
Language: English
Number of pages: 65
Keywords (Chinese): DDoS, large language model, pre-trained model
Keywords (English): DDoS Attacks, BERT Model, Natural Language Processing
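  • Distributed Denial-of-Service (DDoS) attacks have become a major threat in the field of information security. Traditional machine learning methods are often limited in feature engineering and model generalization. This study proposes an innovative framework that brings natural language processing (NLP) techniques into DDoS detection, using the BERT (Bidirectional Encoder Representations from Transformers) model and converting structured network traffic data into a textual representation in order to capture contextual relationships in traffic patterns.
    This study uses three datasets, CSE-CIC-IDS2018, CIC-DDoS-2019 and CRCDDoS2022, as its experimental basis and evaluates binary and multi-class classification tasks. The method pipeline comprises data preprocessing, feature selection and BERT fine-tuning. The experimental results show that in the binary classification scenario the BERT model reaches 99.99% accuracy, clearly outperforming baseline models such as CNN; in multi-class classification BERT likewise surpasses CNN and GAN and maintains overall stability, but there is still room for improvement in distinguishing easily confused classes (such as SNMP vs. LDAP and SSDP vs. UDP).
    The contribution of this study lies in validating the feasibility of NLP techniques in network attack detection and in proposing a novel method of textualizing traffic data to improve the accuracy and adaptability of detection systems. Future work may extend to real-time monitoring or integrated model designs to overcome challenges such as computational resource bottlenecks and the difficulty of distinguishing complex traffic classes.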

    Distributed Denial-of-Service (DDoS) attacks pose a significant threat in cybersecurity, with traditional machine learning methods often limited by feature engineering and generalization capabilities. This study proposes an innovative framework that applies natural language processing (NLP) techniques to DDoS detection, specifically leveraging the BERT (Bidirectional Encoder Representations from Transformers) model to convert structured network flow features into textual representations, thereby capturing contextual relationships in traffic patterns.
    Experiments were conducted on datasets including CSE-CIC-IDS2018, CIC-DDoS-2019, and CRCDDoS2022 for binary and multi-class classification tasks. The methodology encompasses data cleaning, feature selection, and BERT fine-tuning. Results indicate that in binary classification, BERT achieves 99.99% accuracy, outperforming baselines like CNN. In multi-class scenarios, BERT surpasses baselines such as CNN and GAN, delivering stable global performance, although it exhibits relative weaknesses in handling specific confusing pairs such as SNMP vs. LDAP and SSDP vs. UDP, highlighting areas for future optimization. Contributions include validating the feasibility of NLP in security applications and introducing a text-based transformation for flow data, enhancing detection precision and adaptability. Future work may extend to real-time detection or lightweight models to address resource constraints and specific class challenges.

    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Tables
    List of Figures
    Chapter 1 Introduction
        1.1 Introduction
    Chapter 2 Related Work
        2.1 Background
        2.2 Transformer
        2.3 BERT
        2.4 XGBoost
        2.5 Dataset Description
            CIC-IDS-2018
            CIC-DDoS-2019
            CRCDDoS2022
    Chapter 3 Proposed scheme
        3.1 Overview
        3.2 Data preprocessing
            3.2.1 Data Cleaning
            3.2.2 Label Encoding
            3.2.3 Feature Selection
            3.2.4 Data Splitting
        3.3 Model Architecture and Fine-tuning
            3.3.1 Feature Textualization Strategy
            3.3.2 Network Flow Tokenization and BERT Classification
            3.3.3 Fine-tuning Strategy and Training Process
            3.3.4 Layer Freezing Implementation
            3.3.5 Two-Stage XGBoost + BERT Intrusion-Detection Architecture
    Chapter 4 Experimental Results
        4.1 Evaluation Metrics
        4.2 Equipment & Model setting
        4.3 Performance Evaluation
            CIC-IDS-2018
            CIC-DDoS-2019
            CRCDDoS2022
    Chapter 5 Conclusion
    References

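    On campus: public from 2030-08-27
    Off campus: public from 2030-08-27
    The electronic thesis has not yet been authorized for public release; for the print copy, please consult the library catalogue.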