Adaptable feature-selecting and threshold-moving complete autoencoder for DDoS flood attack mitigation

Abstract: DDoS attacks remain one of the top cyber threats targeting the financial, health care, retail, gaming, and political sectors, causing Internet service disruption and data or monetary loss. Security experts have predicted that the development of 5G technology will increase the frequency and the vectors of DDoS attacks. Moreover, enhanced DDoS attack technology utilises artificial intelligence [1], which will make it more difficult to identify malicious traffic correctly and therefore to mitigate the attack effectively. The Internet service provider (ISP) is the connector between the users and the Internet, so deploying DDoS mitigation systems within the ISP domain can offer an efficient solution. Therefore, we propose a dynamic learning system (DLS) for the ISP. The DLS is an unsupervised ensemble model using the Complete Autoencoder (CA) as base learners to classify network traffic. The main difference between the CA and the regular Autoencoder is that the CA exploits the imbalanced characteristic of the attack data to generate a binary classification via a class switch: when the predicted number of normal IP addresses is over 50% of the total IP addresses, the CA swaps the class of the IP addresses. The CA is directed by a reference object (RO), which is either a reference limit or the mean of a reference error function ($\overline{RL1}$), and this automates the DLS. The DLS was trained with a TCP-ICMP flood attack data set and tested with a UDP-TCP and a UDP-TCP-ICMP flood attack data set. The average Recall, Precision and F1 Score are all above 0.97. Additionally, the DLS outperformed the K-means and the Self-Organising Map models on a UDP flood attack data set.
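The class switch described in the abstract, as an added example that is not the authors' code. It assumes per-IP reconstruction errors are already available, that an error above the RO is first labelled as attack, and that the mean of the observed errors stands in for the mean of the reference error function; the function names, IP addresses and error values are constructed for illustration.

```python
from statistics import mean

def classify_with_class_switch(errors, reference_object=None):
    """errors: {ip: reconstruction error}. Returns (labels, switched).

    reference_object is the RO: a fixed reference limit, or None to use
    the mean of the errors (assumed stand-in for the paper's mean RO).
    """
    if not errors:
        raise ValueError("no IP addresses to classify")
    ro = mean(errors.values()) if reference_object is None else reference_object
    # Assumed first pass: error above the RO is treated as anomalous.
    labels = {ip: "attack" if e > ro else "normal" for ip, e in errors.items()}
    normal_share = sum(v == "normal" for v in labels.values()) / len(labels)
    # Class switch: during a flood the attack sources are the majority, so
    # the autoencoder reconstructs them well. If more than 50% of the IPs
    # come out as normal, the two classes are swapped.
    switched = normal_share > 0.5
    if switched:
        labels = {ip: "normal" if v == "attack" else "attack"
                  for ip, v in labels.items()}
    return labels, switched

def attack_scores(labels, truth):
    """Recall, Precision and F1 Score for the attack class."""
    tp = sum(labels[ip] == "attack" and truth[ip] == "attack" for ip in truth)
    fp = sum(labels[ip] == "attack" and truth[ip] == "normal" for ip in truth)
    fn = sum(labels[ip] == "normal" and truth[ip] == "attack" for ip in truth)
    recall = tp / (tp + fn) if tp + fn else 0.0
    precision = tp / (tp + fp) if tp + fp else 0.0
    f1 = (2 * recall * precision / (recall + precision)
          if recall + precision else 0.0)
    return recall, precision, f1

# Constructed sample: eight flood sources with low reconstruction error
# and two legitimate clients with high error (documentation IP ranges).
SAMPLE_ERRORS = {f"198.51.100.{i}": e for i, e in enumerate(
    [0.02, 0.03, 0.03, 0.04, 0.02, 0.05, 0.03, 0.04], start=1)}
SAMPLE_ERRORS.update({"203.0.113.1": 0.40, "203.0.113.2": 0.55})
SAMPLE_TRUTH = {ip: "normal" if ip.startswith("203.") else "attack"
                for ip in SAMPLE_ERRORS}

if __name__ == "__main__":
    labels, switched = classify_with_class_switch(SAMPLE_ERRORS)
    print("switched:", switched, "scores:", attack_scores(labels, SAMPLE_TRUTH))
```

Without the switch, the first pass on this sample would label all eight flood sources as normal, which is the failure the imbalance-aware swap is meant to correct.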

[1] Junbin Gao, et al. Gaussian Processes Autoencoder for Dimensionality Reduction, 2014, PAKDD.

[2] Wooju Kim, et al. Unsupervised learning approach for network intrusion detection system using autoencoders, 2019, The Journal of Supercomputing.

[3] Vyas Sekar, et al. Bohatei: Flexible and Elastic DDoS Defense, 2015, USENIX Security Symposium.

[4] Andrew H. Sung, et al. Intrusion detection using neural networks and support vector machines, 2002, Proceedings of the 2002 International Joint Conference on Neural Networks. IJCNN'02 (Cat. No.02CH37290).

[5] Gu Yonghao, et al. Semi-Supervised K-Means DDoS Detection Method Using Hybrid Feature Selection Algorithm, 2019.

[6] Akihiro Nakao, et al. DDoS Defense Deployment with Network Egress and Ingress Filtering, 2010, 2010 IEEE International Conference on Communications.

[7] Hongxun Yao, et al. Auto-encoder based dimensionality reduction, 2016, Neurocomputing.

[8] Burkhard Stiller, et al. Multi-domain DDoS Mitigation Based on Blockchains, 2017, AIMS.

[9] Qi Shi, et al. A Deep Learning Approach to Network Intrusion Detection, 2018, IEEE Transactions on Emerging Topics in Computational Intelligence.

[10] Li Guo, et al. An active learning based TCM-KNN algorithm for supervised network intrusion detection, 2007, Comput. Secur.

[11] Ruby B. Lee, et al. Machine Learning Based DDoS Attack Detection from Source Side in Cloud, 2017, 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud).

[12] Basil S. Maglaris, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments, 2014, Comput. Networks.

[13] Manas Ranjan Patra, et al. Discriminative multinomial Naïve Bayes for network intrusion detection, 2010, 2010 Sixth International Conference on Information Assurance and Security.

[14] Christian Diedrich, et al. Accelerated deep neural networks for enhanced Intrusion Detection System, 2016, 2016 IEEE 21st International Conference on Emerging Technologies and Factory Automation (ETFA).

[15] Robert X. Gao, et al. Deep Learning and Its Applications to Machine Health Monitoring: A Survey, 2016, ArXiv.

[16] Nazife Baykal, et al. An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined, 2019, 2019 International Conference on Computing, Networking and Communications (ICNC).

[17] Joel J. P. C. Rodrigues, et al. An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics, 2018, Future Gener. Comput. Syst.

[18] C. A. Kumar, et al. An analysis of supervised tree based classifiers for intrusion detection system, 2013, 2013 International Conference on Pattern Recognition, Informatics and Mobile Engineering.

[19] Wojciech Mazurczyk, et al. Network Threats Mitigation Using Software-Defined Networking for the 5G Internet of Radio Light System, 2019, Secur. Commun. Networks.

[20] Zonghua Zhang, et al. Towards Autonomic DDoS Mitigation using Software Defined Networking, 2015.

[21] Ada Gavrilovska, et al. Towards IoT-DDoS Prevention Using Edge Computing, 2018, HotEdge.

[22] Edjard de Souza Mota, et al. AgNOS: A Framework for Autonomous Control of Software-Defined Networks, 2014, 2014 IEEE 28th International Conference on Advanced Information Networking and Applications.

[23] Geoffrey E. Hinton, et al. Reducing the Dimensionality of Data with Neural Networks, 2006, Science.

[24] Jorge Maestre Vidal, et al. Traffic-flow analysis for source-side DDoS recognition on 5G environments, 2019, J. Netw. Comput. Appl.

[25] Talal Alharbi, et al. Holistic DDoS mitigation using NFV, 2017, 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC).

[26] Yang Yu, et al. Network Intrusion Detection through Stacking Dilated Convolutional Autoencoders, 2017, Secur. Commun. Networks.

[27] Dong Yu, et al. Deep Learning: Methods and Applications, 2014, Found. Trends Signal Process.

[28] Pascal Vincent, et al. Stacked Denoising Autoencoders: Learning Useful Representations in a Deep Network with a Local Denoising Criterion, 2010, J. Mach. Learn. Res.

[29] Enda Barrett, et al. A Lightweight DDoS Attack Mitigation System within the ISP Domain Utilising Self-organizing Map, 2018.