Chronos: DDoS Attack Detection Using Time-Based Autoencoder

Cognitive network management is becoming quintessential to realize autonomic networking. However, the widespread adoption of Internet of Things (IoT) devices increases the risk of cyber attacks. Adversaries can exploit vulnerabilities in IoT devices, which can then be harnessed to launch massive Distributed Denial of Service (DDoS) attacks. Therefore, intelligent security mechanisms are needed to harden network security against these threats. In this paper, we propose Chronos, a novel time-based anomaly detection system. The anomaly detector, primarily an Autoencoder, leverages time-based features over multiple time windows to efficiently detect anomalous DDoS traffic. We develop a threshold selection heuristic that maximizes the F1-score across various DDoS attacks. Further, we compare the performance of Chronos against state-of-the-art approaches. We show that Chronos marginally outperforms another time-based system using a less complex anomaly detection pipeline, while outclassing flow-based approaches with superior precision. In addition, we showcase the robustness of Chronos in the face of zero-day attacks, noise in training data, and a small number of training packets, asserting its suitability for online deployment.
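
The threshold selection idea mentioned in the abstract, as an added example (not the authors' code, and not their actual heuristic, which this page does not describe). It assumes an autoencoder has already produced per-sample reconstruction errors, and picks the single cutoff that maximizes the mean F1-score across several attack types; the attack names and error values are constructed sample data.

```python
# Added illustration: choose one reconstruction-error threshold that
# maximizes the mean F1-score over several attack types.
# All names and numbers below are constructed, not taken from the paper.

def f1_at(threshold, benign_errors, attack_errors):
    """F1 for the rule 'flag as attack when error > threshold'."""
    tp = sum(e > threshold for e in attack_errors)   # attacks caught
    fp = sum(e > threshold for e in benign_errors)   # benign flagged
    fn = len(attack_errors) - tp                     # attacks missed
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def select_threshold(benign_errors, attacks):
    """Return (threshold, mean_f1, per_attack_f1) with the best mean F1.

    The decision only changes at observed error values, so those are
    the only candidate thresholds that need to be tried.
    """
    candidates = sorted(set(benign_errors) |
                        {e for errs in attacks.values() for e in errs})
    best = None
    for t in candidates:
        per_attack = {name: f1_at(t, benign_errors, errs)
                      for name, errs in attacks.items()}
        mean_f1 = sum(per_attack.values()) / len(per_attack)
        if best is None or mean_f1 > best[1]:
            best = (t, mean_f1, per_attack)
    return best

# Constructed reconstruction errors from a held-out validation set.
BENIGN = [0.010, 0.012, 0.015, 0.020, 0.022, 0.030, 0.045, 0.080]
ATTACKS = {
    "syn_flood": [0.50, 0.62, 0.70, 0.90],
    "udp_flood": [0.30, 0.41, 0.55, 0.60],
    "low_rate":  [0.04, 0.06, 0.09, 0.12],  # overlaps the benign range
}

if __name__ == "__main__":
    t, mean_f1, per_attack = select_threshold(BENIGN, ATTACKS)
    print(f"threshold={t} mean_f1={mean_f1:.3f}")
    for name, score in per_attack.items():
        print(f"  {name}: F1={score:.3f}")
```

On this data the chosen cutoff removes every false positive and detects the two high-volume attacks perfectly, at the cost of missing half of the low-rate samples whose errors overlap benign traffic.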
