Unsupervised target-driven artificial neural networks for dynamic DDoS mitigation within the ISP domain
MetadataShow full item record
This item's downloads: 5 (view details)
Contemporary Distributed Denial-of-Service (DDoS) attack vectors can change their traffic patterns during the time when an attack is underway, and as such, pre-trained models can struggle to identify new attack traffic correctly. Fibre deployments and 5G technology continue to roll out, and an increasing number of Internet of things (IoT) devices are connecting to the Internet, all of which adds another layer of difficulty for DDoS mitigation. The Internet service provider (ISP) is the connector between the users and the Internet. Deploying the DDoS mitigation system within the ISP domain offers an efficient solution. Consequently, this thesis presents several novel models for DDoS mitigation within the ISP domain. The proposed data processing unit exploits the network flow data collected by the ISP to increase the separability of the data to enhance the performance of the detection model. Unsupervised neural networks are utilised to create adaptive mitigation systems guided by a reference target to cope with the dynamic nature of modern DDoS technology. The idea of ’Tell me the number and I will identify them’ motivates and underpins the target-driven model. Three reference targets are used in this research for different models. The first reference target is the number of normal IP addresses contained in the time frame right before the attack. The second reference target is the mean of normal IP addresses calculated from three time frames before the attack. The third reference target is calculated by the model automatically. The results have demonstrated that the target-driven unsupervised models perform well on DDoS flood attacks within the ISP domain.