Detection of VSI-DDoS Attacks on the Edge: A Sequential Modeling Approach

The advent of crucial areas such as smart healthcare and autonomous transportation brings new requirements on the computing infrastructure, including higher demand for real-time processing capability with minimized latency and maximized availability. The traditional cloud infrastructure has several deficiencies in meeting such requirements because of its centralization. Edge clouds seem to be the solution for these requirements: their resources are much closer to the edge devices, and they provide local computing power and high Quality of Service (QoS). However, there are still security issues that endanger the functionality of edge clouds. One recent type of such issue is the Very Short Intermittent Distributed Denial of Service (VSI-DDoS) attack, a new category of low-rate DDoS attack that targets both small and large-scale web services. This attack intermittently generates very short bursts of HTTP requests towards target services to cause unexpected degradation of QoS at edge clouds. In this paper, we formulate the problem with a sequence modeling approach to address short intermittent intervals of DDoS attacks during the rendering of services on edge clouds, using Long Short-Term Memory (LSTM) with local attention. The proposed approach improves detection performance by learning from the most important discernible patterns of the sequence data rather than considering complete historical information, and hence achieves a more sophisticated model approximation. Experimental results confirm the feasibility of the proposed approach for VSI-DDoS detection on edge clouds, and it achieves 2% more accuracy when compared with baseline methods.
