DELA: A Deep Ensemble Learning Approach for Cross-layer VSI-DDoS Detection on the Edge

Abstract

Web application services and networks become a major target of low-rate Distributed Denial of Service (DDoS) attacks such as Very Short Intermittent DDoS (VSI-DDoS). These threats exploit the TCP congestion control mechanism to cause transient resource outage and impute delays for legitimate users’ requests, while they bypass the secure systems. Besides that, cross-layer VSI-DDoS attacks, where the performed attacks are towards the different layers of the edge cloud infrastructures, are able to cause violation of customers’ Service-Level Agreements (SLAs) with less visible behavioral patterns. In this work, we propose a novel Deep Ensemble Learning Approach named DELA for detection of cross-layer VSI-DDoS on the edge cloud. This approach is developed based on Long Short-Term Memory (LSTM), ensemble learning, and a new voting mechanism based on Feed-Forward Neural Network (FFNN). In addition, it employs a novel training and detection algorithm to combat such attacks in web services and networks. The model shows improved results due to the utilization of historical information in decision- making and also the usage of neural network as aggregator instead of a static threshold-based aggregation. Moreover, we propose a novel overlapped data chunking algorithm that is able to ameliorate the detection performance. Furthermore, the evaluation of DELA shows its superior performance over our testbed and benchmark datasets. Accordingly, DELA achieves on average 4.88% higher F 1 score compared to state-of-the-art methods.