An Unsupervised Approach to DDoS Attack Detection and Mitigation in Near-Real Time

File: 0639.pdf (684.73 kB, Adobe PDF)

Item Summary

Title:An Unsupervised Approach to DDoS Attack Detection and Mitigation in Near-Real Time
Authors:Mcandrew, Robert; Hayne, Stephen; Wang, Haonan
Keywords:Machine Learning and Cyber Threat Intelligence and Analytics; ddos; functional principal component analysis; k-means clustering; network monitoring; unsupervised learning
Date Issued:07 Jan 2020
Abstract:We present an approach for Distributed Denial of Service (DDoS) attack detection and mitigation in near-real time. The adaptive unsupervised machine learning methodology is based on volumetric thresholding, Functional Principal Component Analysis, and K-means clustering (with tuning parameters for flexibility), which dissects the dataset into categories of outlier source IP addresses. A probabilistic risk assessment technique is used to assign “threat levels” to potential malicious actors. We use our approach to analyze a synthetic DDoS attack with ground truth, as well as the Network Time Protocol (NTP) amplification attack that occurred during January of 2014 at a large mountain-range university. We demonstrate the speed and capabilities of our technique through replay of the NTP attack. We show that we can detect and attenuate the DDoS within two minutes with significantly reduced volume throughout the six waves of the attack.
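The pipeline the abstract outlines (volumetric thresholding on per-source traffic, clustering of the surviving sources, and a threat level per cluster) is sketched below as an added, self-contained illustration; it is not the authors' code. The paper clusters Functional PCA scores of each source's traffic curve and assigns probabilistic threat levels; this stand-in summarises each curve by (log10 total bytes, peak-to-mean ratio), uses a plain Lloyd's k-means, and emits ordinal levels instead. The bin count, the 10x-median threshold, k=2, and the flow records are all assumptions constructed for the example.

```python
"""Illustrative unsupervised DDoS-outlier pipeline (added example, not the
paper's code).  Steps: (1) volumetric thresholding of per-source volume,
(2) k-means over simple curve features of the candidates, (3) map clusters to
threat levels and derive mitigation targets.  Feature extraction here is a
dependency-free stand-in for the paper's Functional PCA step."""
import math
from collections import defaultdict

BINS = 6               # assumed number of time bins (one per attack "wave")
VOLUME_FACTOR = 10.0   # assumed: candidate if total > factor * median source total
K = 2                  # assumed number of clusters among candidates

# Constructed flow records, not real traffic: (time_bin, src_ip, bytes).
SAMPLE_CURVES = {
    **{f"10.0.0.{i}": [100 + i, 110 + i, 105 + i, 95 + i, 100 + i, 90 + i]
       for i in range(1, 9)},                      # ordinary clients
    "10.0.0.50": [4000] * BINS,                    # busy but steady internal server
    "198.51.100.7": [0, 60000, 0, 55000, 0, 50000],  # bursty reflector-like sources
    "198.51.100.8": [0, 0, 70000, 0, 0, 65000],
    "198.51.100.9": [45000, 0, 0, 0, 50000, 0],
}
FLOWS = [(t, src, b) for src, curve in SAMPLE_CURVES.items()
         for t, b in enumerate(curve) if b]


def per_source_series(flows, bins=BINS):
    """Aggregate (bin, src, bytes) records into a bytes-per-bin curve per source."""
    series = defaultdict(lambda: [0] * bins)
    for t, src, nbytes in flows:
        series[src][t] += nbytes
    return dict(series)


def volumetric_candidates(series, factor=VOLUME_FACTOR):
    """Step 1: keep only sources whose total volume is far above the median source."""
    totals = {src: sum(curve) for src, curve in series.items()}
    ordered = sorted(totals.values())
    n = len(ordered)
    median = ordered[n // 2] if n % 2 else (ordered[n // 2 - 1] + ordered[n // 2]) / 2
    return {src for src, tot in totals.items() if tot > factor * median}


def curve_features(curve):
    """Stand-in for FPCA scores: overall size and burstiness of the curve."""
    total = sum(curve)
    mean = total / len(curve)
    return (math.log10(total), max(curve) / mean)


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=K, iters=50):
    """Step 2: Lloyd's algorithm, seeded deterministically by spreading the
    initial centroids along the points sorted by their first feature."""
    by_size = sorted(points, key=lambda p: p[0])
    idx = [round(i * (len(by_size) - 1) / (k - 1)) for i in range(k)] if k > 1 else [0]
    centroids = [by_size[i] for i in idx]
    for _ in range(iters):
        clusters = [[] for _ in centroids]
        for p in points:
            clusters[min(range(k), key=lambda i: dist(p, centroids[i]))].append(p)
        new = [tuple(sum(c) / len(c) for c in zip(*m)) if m else centroids[i]
               for i, m in enumerate(clusters)]
        if new == centroids:
            break
        centroids = new
    labels = [min(range(k), key=lambda i: dist(p, centroids[i])) for p in points]
    return labels, centroids


def assess(flows):
    """Step 3: ordinal threat level per source ("none" / "elevated" / "high").
    The candidate cluster with the largest centroid volume is rated "high";
    this ordinal mapping is an assumption, not the paper's probabilistic score."""
    series = per_source_series(flows)
    cands = sorted(volumetric_candidates(series))
    levels = {src: "none" for src in series}
    if len(cands) < K:                      # too few candidates to cluster
        levels.update({src: "high" for src in cands})
        return levels
    labels, centroids = kmeans([curve_features(series[s]) for s in cands])
    hot = max(range(len(centroids)), key=lambda i: centroids[i][0])
    for src, lab in zip(cands, labels):
        levels[src] = "high" if lab == hot else "elevated"
    return levels


def mitigation_targets(levels):
    """Sources to rate-limit or drop: only the "high" cluster, so the busy but
    steady server is not attenuated along with the bursty sources."""
    return sorted(src for src, lvl in levels.items() if lvl == "high")


if __name__ == "__main__":
    lv = assess(FLOWS)
    for src in sorted(lv):
        print(f"{src:15} {lv[src]}")
    print("mitigate:", mitigation_targets(lv))
```

In this constructed run the eight ordinary clients fall below the volumetric threshold, the steady server survives thresholding but is separated by the clustering step (low burstiness, smaller total) and rated "elevated", and only the three bursty high-volume sources land in the "high" cluster that feeds mitigation. The separation of the steady server is the property to watch for when tuning the threshold and feature set on real data: volume alone would have swept it into the block list.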
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/64534
ISBN:978-0-9981331-3-3
DOI:10.24251/HICSS.2020.792
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Machine Learning and Cyber Threat Intelligence and Analytics

