Abstract
(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and paralyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heuristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only detect the presence of LFA without considering the spatiotemporal series attack pattern and defense suggestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) combining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested development trait of deep ensemble learning on network security.
Highlights
Internet of Things (IoT) is becoming of crucial importance in social, corporate, and government activities
Parameter Investigation we investigate the effects of some important parameters and our observations; we compare the performance of our methods with LFAD [1] with the performance of mitigation accuracy MAt
When the number of input nodes is ranging from two-hop to all nodes, stacking-based integrated CNN-long short-term memory (LSTM) model (SCL) can maintain a level above 90.51%, which is more stable than LFAD
Summary
Internet of Things (IoT) is becoming of crucial importance in social, corporate, and government activities. SCL develops three novel technologies to accomplish the above two-step strategy: (a) SCL combines several continuous network status screenshots as an input sample to represent “continuous or combination attacking action” and to help SCL’s CNN operation to extract the features of spatiotemporal attack LFA pattern, (b) SCL applies long short-term memory (LSTM) to store the collected samples in a short memory queue, and periodically review the current evolved LFA patterns and drop the obsolete ones to ensure the decision accuracy and confidence of the long-term memory, (c) stacking System Detector and LFA Mitigator module instead of only one AI module to overcome the issue that previous AI-based methods cannot couple with LFA detection and mediation at the same time.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
