Unsupervised target-driven artificial neural networks for dynamic DDoS mitigation within the ISP domain
View/ Open
Date
2020-10-08Author
Ko, Ili
Metadata
Show full item recordUsage
This item's downloads: 50 (view details)
Abstract
Contemporary Distributed Denial-of-Service (DDoS) attack vectors can change their
traffic patterns during the time when an attack is underway, and as such, pre-trained
models can struggle to identify new attack traffic correctly. Fibre deployments and 5G
technology continue to roll out, and an increasing number of Internet of things (IoT)
devices are connecting to the Internet, all of which adds another layer of difficulty for
DDoS mitigation. The Internet service provider (ISP) is the connector between the
users and the Internet. Deploying the DDoS mitigation system within the ISP domain
offers an efficient solution. Consequently, this thesis presents several novel models for
DDoS mitigation within the ISP domain.
The proposed data processing unit exploits the network flow data collected by the
ISP to increase the separability of the data to enhance the performance of the detection
model. Unsupervised neural networks are utilised to create adaptive mitigation systems
guided by a reference target to cope with the dynamic nature of modern DDoS technology.
The idea of ’Tell me the number and I will identify them’ motivates and underpins
the target-driven model. Three reference targets are used in this research for different
models. The first reference target is the number of normal IP addresses contained in the
time frame right before the attack. The second reference target is the mean of normal
IP addresses calculated from three time frames before the attack. The third reference
target is calculated by the model automatically. The results have demonstrated that the
target-driven unsupervised models perform well on DDoS flood attacks within the ISP
domain.