Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Doriguzzi-Corin, Roberto; Millar, Stuart; Scott-Hayward, Sandra; Rincón, Jesús Martínez del; Siracusa, Domenico

doi:10.1109/tnsm.2020.2971776

Cited by 250 publications

(126 citation statements)

References 57 publications

Supporting

Mentioning

121

Contrasting

Unclassified

Order By: Relevance

“…Despite the detection performance of the proposed MLP is not the best when considering CIC-IDS2017, it still presents outstanding results, with Acc = 98.95%, DR = 98.31% and FAR = 0.15%. Note that our scheme is outperformed by [10], in which a convolutional neural network (CNN) based IDS is proposed. In [10], DDoS attacks and legitimate traffic patterns are learnt by CNN through convolutional filters sliding over packet flow inputs to identify anomalous characteristics, which may explain its higher Acc and DR results compared to our MLP based solution.…”

Section: A Resultsmentioning

confidence: 92%

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the most challenging security threats, since a single victim is attacked by several compromised malicious nodes. As a consequence, legitimate end users can be prevented to access network resources. This letter proposes a noise-robust multilayer perceptron (MLP) architecture for DDoS attack detection trained with corrupted data. In the proposed approach, the average value of the common features among dataset instances is iteratively filtered out by applying Higher Order Singular Value Decomposition (HOSVD) based techniques. The effectiveness of the proposed architecture is validated through comparison with state-of-the-art methods.

show abstract

Section: A Resultsmentioning

confidence: 92%

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Although it is not the best IDS among the compared ones, the proposed scheme still presents a considerable performance, with Acc =

, DR =

and FAR =

for gradient boosting algorithm, outperforming almost all competitor schemes. It is worth to mention the performance shown by LUCID, proposed by Doriguzzi-Corin et al in [ 29 ], with Acc, DR and FAR of

and

, respectively. The authors presented a practical, lightweight CNN-based DDoS detection architecture with low processing overhead and attack detection time.…”

Section: Simulation Resultsmentioning

confidence: 99%

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Maranhão

Costa

Freitas

et al. 2020

Sensors

View full text Add to dashboard Cite

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.

show abstract

“…Obviously, there are more sophisticated types of neural networks [52,53] that can classify DDoS network traffic with a higher accuracy. The above examples were only meant as an illustration of how security analysts could contribute different ML models and/or adversarial examples that are misclassified.…”

Section: Discussionmentioning

confidence: 99%

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Preuveneers

Joosen

2021

JCP

View full text Add to dashboard Cite

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

show abstract

Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection

Cited by 250 publications

References 57 publications

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Contact Info

Product

Resources

About