Journal
IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT
Volume 17, Issue 2, Pages 876-889Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TNSM.2020.2971776
Keywords
Computer crime; Denial-of-service attack; IP networks; Entropy; Deep learning; Feature extraction; Distributed denial of service; deep learning; convolutional neural networks; edge computing
Categories
Funding
- European Union [815141]
- EPSRC [EP/K004379/1, EP/N508664/1, EP/R007187/1] Funding Source: UKRI
Ask authors/readers for more resources
Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called Lucid, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain Lucid's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, Lucid matches existing state-of-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available