ML-Based DDoS Detection and Identification Using Native Cloud Telemetry Macroscopic Monitoring

Authors
  • Corrêa, João Henrique (1)
  • Ciarelli, Patrick M. (1)
  • Ribeiro, Moises R. N. (1)
  • Villaça, Rodolfo S. (1)
  • (1) Federal University of Espírito Santo (Ufes), Vitória, ES, Brazil
Type
Published Article
Journal
Journal of Network and Systems Management
Publisher
Springer US
Publication Date
Jan 20, 2021
Volume
29
Issue
2
Identifiers
DOI: 10.1007/s10922-020-09578-1
Source
Springer Nature
License
Yellow

Abstract

The detection and identification of Distributed Denial-of-Service (DDoS) attacks remains a challenge in cloud/edge/fog computing environments. It usually requires network middleboxes, such as deep packet inspectors (DPI), mostly for the detection task. But clouds and fogs have powerful native telemetry systems that are not yet fully exploited for DDoS detection, and that provide much information that could aid attack identification tasks as well. Machine Learning (ML) algorithms can help one dive into the richness of the cloud’s native data collection services, which have a multitude of metrics from both physical and virtual hosts. This paper evaluates the use of ML algorithms over datasets collected from an experimental testbed based on OpenStack. Controlled attack scenarios were used to investigate the ability of ML for tasks such as detecting and identifying SYN_Flood and GET_Flood DDoS attacks mixed, in different proportions, with legitimate clients. kNN and Random Forest ML algorithms were trained and tested, and the metrics accuracy, recall, precision, and F1-score were used for evaluation. Our experiments showed about 87% accuracy in the detection of SYN_Flood and GET_Flood DDoS attacks, whereas the Snort IDS mostly fails to detect the latter attack by processing the corresponding packet traces. Also, the detection of the PING_Flood DDoS attack was tested without training as an initial evaluation towards the generalization of the proposal.
