Abstract

Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub.

Highlights

  • Denial of service (DoS) attacks attempt to exhaust the network bandwidth or computing resources of a target by overwhelming it with network traffic

  • If the attack traffic is generated from multiple sources, it is a distributed denial of service (DDoS) attack, which is harder to mitigate since simple Internet Protocol (IP) address filters do not work

  • Many of these models use a large number of features, which requires more training data and longer training times. These techniques are suitable for offline analyses of network traffic but are impractical for real-time detection of low-rate DDoS (LDDoS) attacks. We address this limitation by designing new Machine Learning (ML)/Deep Learning (DL) models that have low data-processing overheads and are suitable for continuous monitoring of network traffic for on-the-fly detection of LDDoS attacks

Read more

Summary

Introduction

Denial of service (DoS) attacks attempt to exhaust the network bandwidth or computing resources of a target by overwhelming it with network traffic. If the attack traffic is generated from multiple sources, it is a distributed denial of service (DDoS) attack, which is harder to mitigate since simple Internet Protocol (IP) address filters do not work. DDoS attacks, in addition to making target networks and servers unavailable for legitimate users, can hide the network traffic of malware propagating laterally within an organization or communicating with their command and control centers [1]. DDoS attacks exploit the protocols at the network, transport, or application layers of the transmission control protocol (TCP)/IP protocol stack [2]. Cisco report predicts that DDoS attacks will grow to 15 million by 2023 [7]

Methods
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.