Summary
Asia-Pacific Network Operations and Management Symposium
2022
Session Number:TS2
Session:
Number:TS2-03
DDoS Attack Detection Combining Time Series-based Multi-dimensional Sketch and Machine Learning
Yanchao Sun, Yuanfeng Han, Yue Zhang, Mingsong Chen, Shui Yu, Yimin Xu,
pp.-
Publication Date:2022/09/28
Online ISSN:2188-5079
PDF download
Summary:
Machine learning-based DDoS attack detection methods are mostly implemented at the packet level with expensive computational time costs, and the space cost of those sketch-based detection methods is uncertain. This paper proposes a two-stage DDoS attack detection algorithm combining time series-based multi-dimensional sketch and machine learning technologies. Besides packet numbers, total lengths, and protocols, we construct the time series-based multi-dimensional sketch with limited space cost by storing elephant flow information with the Boyer-Moore voting algorithm and hash index. For the first stage of detection, we adopt CNN to generate sketch-level DDoS attack detection results from the time series-based multi-dimensional sketch. For the sketch with potential DDoS attacks, we use RNN with flow information extracted from the sketch to implement flow-level DDoS attack detection in the second stage. Experimental results show that not only is the detection accuracy of our proposed method much close to that of packet-level DDoS attack detection methods based on machine learning, but also the computational time cost of our method is much smaller with regard to the number of machine learning operations.