TY - GEN
T1 - DDoS Attack Detection Combining Time Series-based Multi-dimensional Sketch and Machine Learning
AU - Sun, Yanchao
AU - Han, Yuanfeng
AU - Zhang, Yue
AU - Chen, Mingsong
AU - Yu, Shui
AU - Xu, Yimin
N1 - Publisher Copyright:
© 2022 IEICE.
PY - 2022
Y1 - 2022
N2 - Machine learning-based DDoS attack detection methods are mostly implemented at the packet level with expensive computational time costs, and the space cost of those sketch-based detection methods is uncertain. This paper proposes a two-stage DDoS attack detection algorithm combining time series-based multi-dimensional sketch and machine learning technologies. Besides packet numbers, total lengths, and protocols, we construct the time series-based multi-dimensional sketch with limited space cost by storing elephant flow information with the Boyer-Moore voting algorithm and hash index. For the first stage of detection, we adopt CNN to generate sketch-level DDoS attack detection results from the time series-based multi-dimensional sketch. For the sketch with potential DDoS attacks, we use RNN with flow information extracted from the sketch to implement flow-level DDoS attack detection in the second stage. Experimental results show that not only is the detection accuracy of our proposed method very close to that of packet-level DDoS attack detection methods based on machine learning, but also the computational time cost of our method is much smaller with regard to the number of machine learning operations.
AB - Machine learning-based DDoS attack detection methods are mostly implemented at the packet level with expensive computational time costs, and the space cost of those sketch-based detection methods is uncertain. This paper proposes a two-stage DDoS attack detection algorithm combining time series-based multi-dimensional sketch and machine learning technologies. Besides packet numbers, total lengths, and protocols, we construct the time series-based multi-dimensional sketch with limited space cost by storing elephant flow information with the Boyer-Moore voting algorithm and hash index. For the first stage of detection, we adopt CNN to generate sketch-level DDoS attack detection results from the time series-based multi-dimensional sketch. For the sketch with potential DDoS attacks, we use RNN with flow information extracted from the sketch to implement flow-level DDoS attack detection in the second stage. Experimental results show that not only is the detection accuracy of our proposed method very close to that of packet-level DDoS attack detection methods based on machine learning, but also the computational time cost of our method is much smaller with regard to the number of machine learning operations.
KW - DDoS Attack Detection
KW - Machine Learning
KW - The Boyer-Moore Voting Algorithm
KW - Time Series-based Multi-dimensional Sketch
UR - https://www.scopus.com/pages/publications/85142035462
U2 - 10.23919/APNOMS56106.2022.9919958
DO - 10.23919/APNOMS56106.2022.9919958
M3 - Conference contribution
AN - SCOPUS:85142035462
T3 - APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium: Data-Driven Intelligent Management in the Era of beyond 5G
BT - APNOMS 2022 - 23rd Asia-Pacific Network Operations and Management Symposium
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 23rd Asia-Pacific Network Operations and Management Symposium, APNOMS 2022
Y2 - 28 September 2022 through 30 September 2022
ER -