Multi-domain collaborative two-level DDoS detection via hybrid deep learning

Detailed bibliography
Published in: Computer networks (Amsterdam, Netherlands : 1999) Volume 242; p. 110251
Main authors: Feng, Huifen; Zhang, Weiting; Liu, Ying; Zhang, Chuan; Ying, Chenhao; Jin, Jian; Jiao, Zhenzhen
Format: Journal Article
Language: English
Publication details: Elsevier B.V 01.04.2024
ISSN:1389-1286, 1872-7069
Description
Summary: In this paper, we investigate the problem of multiple network domains being threatened by Distributed Denial-of-Service (DDoS) attacks, in which a DDoS attack detection scheme is constructed based on the Software Defined Networks (SDN) hierarchical distributed control plane architecture. Specifically, we propose a two-level detection framework for collaborative DDoS attack detection in multi-domain scenarios. To detect the signs of DDoS attacks as early as possible on the attack path, a first-level coarse-grained anomaly detection method based on the Rényi entropy algorithm is proposed. The purpose is to calculate the feature entropy of normal and abnormal traffic in a simple statistical way within the local network domain, achieving rapid perception of network anomalies. Then, the root server aggregates all abnormal traffic data uploaded by each local network domain, and the DCNN-LSTM algorithm based on a hybrid deep learning model as the second-level detection method extracts the features of the suspicious traffic from both temporal and spatial dimensions to achieve fine-grained DDoS attack classification. Finally, theoretical analysis and experimental results indicate that the proposed two-level detection method in multi-domain scenarios is effective and feasible, with high detection accuracy.
DOI:10.1016/j.comnet.2024.110251