An Unsupervised Approach to DDoS Attack Detection and Mitigation in Near-Real Time
| Field | Value |
|---|---|
| dc.contributor.author | Mcandrew, Robert |
| dc.contributor.author | Hayne, Stephen |
| dc.contributor.author | Wang, Haonan |
| dc.date.accessioned | 2020-01-04T08:31:41Z |
| dc.date.available | 2020-01-04T08:31:41Z |
| dc.date.issued | 2020-01-07 |
| dc.description.abstract | We present an approach for Distributed Denial of Service (DDoS) attack detection and mitigation in near-real time. The adaptive unsupervised machine learning methodology is based on volumetric thresholding, Functional Principal Component Analysis, and K-means clustering (with tuning parameters for flexibility), which dissects the dataset into categories of outlier source IP addresses. A probabilistic risk assessment technique is used to assign “threat levels” to potential malicious actors. We use our approach to analyze a synthetic DDoS attack with ground truth, as well as the Network Time Protocol (NTP) amplification attack that occurred during January of 2014 at a large mountain-range university. We demonstrate the speed and capabilities of our technique through replay of the NTP attack. We show that we can detect and attenuate the DDoS within two minutes with significantly reduced volume throughout the six waves of the attack. |
| dc.format.extent | 10 pages |
| dc.identifier.doi | 10.24251/HICSS.2020.792 |
| dc.identifier.isbn | 978-0-9981331-3-3 |
| dc.identifier.uri | http://hdl.handle.net/10125/64534 |
| dc.language.iso | eng |
| dc.relation.ispartof | Proceedings of the 53rd Hawaii International Conference on System Sciences |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
| dc.rights.uri | https://creativecommons.org/licenses/by-nc-nd/4.0/ |
| dc.subject | Machine Learning and Cyber Threat Intelligence and Analytics |
| dc.subject | ddos |
| dc.subject | functional principal component analysis |
| dc.subject | k-means clustering |
| dc.subject | network monitoring |
| dc.subject | unsupervised learning |
| dc.title | An Unsupervised Approach to DDoS Attack Detection and Mitigation in Near-Real Time |
| dc.type | Conference Paper |
| dc.type.dcmi | Text |