Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843650
Abdelmounaim Bouroudi, A. Outtagarts, Y. H. Aoul
Network slicing, also known as the virtual network embedding (VNE) problem, is an NP-hard optimization problem. Compared to traditional approaches, the methods relying on deep reinforcement learning yield better performance without exhibiting issues such as stacking at local minima and/or solutions’ space exploration limits. These algorithms present, however, different performances according to the employed approach, and the problem to be treated, resulting in robustness problems. To overcome these limits, we propose the adoption of the best algorithm, from a selection of learning strategies, in terms of reward and sample efficiency at each time step. The proposed strategy acts as a meta-algorithm that brings more robustness to the network by dynamically selecting the best solution for a specific scenario. Our solution proved its efficiency and managed to dynamically select the best algorithm in terms of the best acceptance ratio of the deployed services and outperform all the standalone algorithms.
{"title":"Robust Deep Reinforcement Learning Algorithm for VNF-FG Embedding","authors":"Abdelmounaim Bouroudi, A. Outtagarts, Y. H. Aoul","doi":"10.1109/LCN53696.2022.9843650","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843650","url":null,"abstract":"Network slicing, also known as the virtual network embedding (VNE) problem, is an NP-hard optimization problem. Compared to traditional approaches, the methods relying on deep reinforcement learning yield better performance without exhibiting issues such as stacking at local minima and/or solutions’ space exploration limits. These algorithms present, however, different performances according to the employed approach, and the problem to be treated, resulting in robustness problems. To overcome these limits, we propose the adoption of the best algorithm, from a selection of learning strategies, in terms of reward and sample efficiency at each time step. The proposed strategy acts as a meta-algorithm that brings more robustness to the network by dynamically selecting the best solution for a specific scenario. Our solution proved its efficiency and managed to dynamically select the best algorithm in terms of the best acceptance ratio of the deployed services and outperform all the standalone algorithms.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134069258","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843597
E. Scheid, M. Franco, Fabian Küffer, Niels Kübler, Pascal Kiechl, B. Stiller
Network Functions Virtualization (NFV) has been a key part of evolving communication systems in the last few years. However, the life-cycle management of Virtual Network Functions (VNF) is still a not trivial task. Blockchains (BC), due to their decentralization and immutability characteristics, together with the automation provided by Smart Contracts (SC), can be employed to enable such automated and trustworthy VNF management.Thus, this paper proposes VeNiCE to automate the deployment and life-cycle management of VNFs using events emitted on SCs. VeNiCE provides automation and auditability by relying on a BC to provide a decentralized approach for VNF management, which performs management actions, such as VNF deployment and deletion, and based on events and communicates with an SC to provide immutable logging of the VNF life-cycle. VeNiCE provides (i) a frontend for user interaction, (ii) a backend implementing the communication with the NFV framework, and (iii) an SC that emits events, stores VNF allocations, and authenticates users. A prototype of VeNiCE was developed and deployed in the Ethereum BC using OpenStack Tacker as an NFV platform. Experiments were conducted in a real-world deployment of such a prototype to analyze the economic costs of using SCs and the time required to process requests by each component of VeNiCE and the BC. Those results obtained show VeNiCE’s feasibility, highlight its benefits achieved with the automation and provide insights on reducing costs by exploring additional BC platforms and different deployment types, which introduce centralization and management concerns.
{"title":"VeNiCE: Enabling Automatic VNF Management based on Smart Contract Events","authors":"E. Scheid, M. Franco, Fabian Küffer, Niels Kübler, Pascal Kiechl, B. Stiller","doi":"10.1109/LCN53696.2022.9843597","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843597","url":null,"abstract":"Network Functions Virtualization (NFV) has been a key part of evolving communication systems in the last few years. However, the life-cycle management of Virtual Network Functions (VNF) is still a not trivial task. Blockchains (BC), due to their decentralization and immutability characteristics, together with the automation provided by Smart Contracts (SC), can be employed to enable such automated and trustworthy VNF management.Thus, this paper proposes VeNiCE to automate the deployment and life-cycle management of VNFs using events emitted on SCs. VeNiCE provides automation and auditability by relying on a BC to provide a decentralized approach for VNF management, which performs management actions, such as VNF deployment and deletion, and based on events and communicates with an SC to provide immutable logging of the VNF life-cycle. VeNiCE provides (i) a frontend for user interaction, (ii) a backend implementing the communication with the NFV framework, and (iii) an SC that emits events, stores VNF allocations, and authenticates users. A prototype of VeNiCE was developed and deployed in the Ethereum BC using OpenStack Tacker as an NFV platform. Experiments were conducted in a real-world deployment of such a prototype to analyze the economic costs of using SCs and the time required to process requests by each component of VeNiCE and the BC. Those results obtained show VeNiCE’s feasibility, highlight its benefits achieved with the automation and provide insights on reducing costs by exploring additional BC platforms and different deployment types, which introduce centralization and management concerns.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"135 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132218945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843450
Ji Li, Chunxiang Gu, Luan Luan, Fushan Wei, Wenfen Liu
Encrypted traffic classification is a key technology for network monitoring and management, and its recent research results are mostly based on deep learning. Due to the difficulty in obtaining sufficient labeled data, few-shot traffic classification has received considerable attention. However, most of the existing results have two defects. First, they are mostly based on the assumption of a labeled base dataset for pre-training. Second, they neglect the problem of unknown traffic discovery under open-set conditions. In this paper, aiming at the problem of few-shot open-set encrypted traffic classification, a corresponding framework FSOSTC is constructed under the condition of unsupervised pre-training. Two data augmentation methods for packet feature map are proposed to assist the pre-training through self-supervised learning, which is combined with parameter fine-tuning, unknown discovery and class extension strategies. Experiments on public datasets verify the effectiveness of FSOSTC. For the few-shot open-set malicious traffic classification task, the CSA reaches 95.41% and the AUROC reaches 0.8664.
{"title":"Few-Shot Open-Set Traffic Classification Based on Self-Supervised Learning","authors":"Ji Li, Chunxiang Gu, Luan Luan, Fushan Wei, Wenfen Liu","doi":"10.1109/LCN53696.2022.9843450","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843450","url":null,"abstract":"Encrypted traffic classification is a key technology for network monitoring and management, and its recent research results are mostly based on deep learning. Due to the difficulty in obtaining sufficient labeled data, few-shot traffic classification has received considerable attention. However, most of the existing results have two defects. First, they are mostly based on the assumption of a labeled base dataset for pre-training. Second, they neglect the problem of unknown traffic discovery under open-set conditions. In this paper, aiming at the problem of few-shot open-set encrypted traffic classification, a corresponding framework FSOSTC is constructed under the condition of unsupervised pre-training. Two data augmentation methods for packet feature map are proposed to assist the pre-training through self-supervised learning, which is combined with parameter fine-tuning, unknown discovery and class extension strategies. Experiments on public datasets verify the effectiveness of FSOSTC. For the few-shot open-set malicious traffic classification task, the CSA reaches 95.41% and the AUROC reaches 0.8664.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123723346","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843526
Aakash Soni, Jean-Luc Scharbarg
Deficit Round-Robin (DRR) is a promising service discipline for real-time Ethernet without a global synchronisation. Two improved Network Calculus approaches have been proposed to provide the required bounds on end-to-end delays. The first one is fast but can be optimistic for cornet cases. The second one is safe but highly time consuming. In this paper, we remove the potential optimism of the first approach while keeping its low complexity.
{"title":"Deficit Round-Robin: Network Calculus based Worst-Case Traversal Time Analysis Revisited","authors":"Aakash Soni, Jean-Luc Scharbarg","doi":"10.1109/LCN53696.2022.9843526","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843526","url":null,"abstract":"Deficit Round-Robin (DRR) is a promising service discipline for real-time Ethernet without a global synchronisation. Two improved Network Calculus approaches have been proposed to provide the required bounds on end-to-end delays. The first one is fast but can be optimistic for cornet cases. The second one is safe but highly time consuming. In this paper, we remove the potential optimism of the first approach while keeping its low complexity.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124922687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Packet classification shows a key role in kinds of network functions, such as access control, routing, and quality of service (QoS). With the rapid growth of the network size, users have to ignore some fields in packet classification due to resource constraints. In addition, some fields may not always be available in some networks. However, traditional packet classification algorithms can hardly handle packet classification if some fields are missing. In this paper, we propose a novel model to build a robust classifier. In the classifier, we utilize the advantage of Recursive Flow Classification (RFC) in handling fields concurrently. Then, we design a new workflow to deal with field missing based on flows. In addition, two complementary bitmap models are designed to accelerate matching packets to flows, and a buffer mechanism is introduced to further improve the classification accuracy. Our experiments show that the proposed classifier can classify packets with an accuracy of 94%-99.5% when the field missing probability is lower than 0.3.
{"title":"Robust Packet Classification with Field Missing","authors":"Jiayao Wang, Ziling Wei, Baosheng Wang, Bao-kang Zhao, Jincheng Zhong","doi":"10.1109/LCN53696.2022.9843560","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843560","url":null,"abstract":"Packet classification shows a key role in kinds of network functions, such as access control, routing, and quality of service (QoS). With the rapid growth of the network size, users have to ignore some fields in packet classification due to resource constraints. In addition, some fields may not always be available in some networks. However, traditional packet classification algorithms can hardly handle packet classification if some fields are missing. In this paper, we propose a novel model to build a robust classifier. In the classifier, we utilize the advantage of Recursive Flow Classification (RFC) in handling fields concurrently. Then, we design a new workflow to deal with field missing based on flows. In addition, two complementary bitmap models are designed to accelerate matching packets to flows, and a buffer mechanism is introduced to further improve the classification accuracy. Our experiments show that the proposed classifier can classify packets with an accuracy of 94%-99.5% when the field missing probability is lower than 0.3.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125096138","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843624
J. Garcia-Luna-Aceves
A new approach to loop-free shortest-path routing is introduced that uses distance vouchers that attest to the acyclic nature of paths. Routers search and find new shortest paths to destinations without ever creating routing loops by trusting updates originated by routers that vouch being closer to destinations. The new approach is shown to converge faster than prior loop-free shortest-path routing methods.
{"title":"Safe, Fast, and Cycle-Free Multi-Path Routing Using Vouchers","authors":"J. Garcia-Luna-Aceves","doi":"10.1109/LCN53696.2022.9843624","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843624","url":null,"abstract":"A new approach to loop-free shortest-path routing is introduced that uses distance vouchers that attest to the acyclic nature of paths. Routers search and find new shortest paths to destinations without ever creating routing loops by trusting updates originated by routers that vouch being closer to destinations. The new approach is shown to converge faster than prior loop-free shortest-path routing methods.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121158528","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843633
Hsiang-Jen Hong, Sang-Yoon Chang, Xiaobo Zhou
Payment Channel Network (PCN) is a scaling solution for Cryptocurrency networks. We advance the practicality of the PCN multi-path routing by better modeling the system to incorporate the cost of routing fee and the privacy requirement of the channel balance. We design our Auto-Tune algorithm to optimize the routing concerning both the success rate and the routing fee and utilizing the limited channel capacity information (due to the privacy of the PCN user, the channel balance information is withheld). The simulation result shows Auto-Tune outperforms the current PCN implementation based on single-path routing in the success rate. We compare Auto-Tune against the state-of-the-art Flash algorithm, utilizing the channel-balance information, violating the PCN user privacy, and diverging from current implementation practices. Auto-Tune achieves the routing fee close to the optimal fee obtained by Flash, and its success rate is also close to the success rate achieved by Flash.
{"title":"Auto-Tune: Efficient Autonomous Routing for Payment Channel Networks","authors":"Hsiang-Jen Hong, Sang-Yoon Chang, Xiaobo Zhou","doi":"10.1109/LCN53696.2022.9843633","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843633","url":null,"abstract":"Payment Channel Network (PCN) is a scaling solution for Cryptocurrency networks. We advance the practicality of the PCN multi-path routing by better modeling the system to incorporate the cost of routing fee and the privacy requirement of the channel balance. We design our Auto-Tune algorithm to optimize the routing concerning both the success rate and the routing fee and utilizing the limited channel capacity information (due to the privacy of the PCN user, the channel balance information is withheld). The simulation result shows Auto-Tune outperforms the current PCN implementation based on single-path routing in the success rate. We compare Auto-Tune against the state-of-the-art Flash algorithm, utilizing the channel-balance information, violating the PCN user privacy, and diverging from current implementation practices. Auto-Tune achieves the routing fee close to the optimal fee obtained by Flash, and its success rate is also close to the success rate achieved by Flash.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"461 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125810753","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843315
Zakaria Abou El Houda, L. Khoukhi, B. Brik
Attacks against the IoT network are increasing rapidly, leading to an exponential growth in the number of unsecured IoT devices. Existing security mechanisms are facing several issues due to the lack of real-time decisions, high energy consumption, and high time delays. In this context, we propose a novel Low-Latency Fog-based Framework, called FogFed, to secure IoT applications using Fog computing and Federated Learning (FL). The fog brings security mechanisms near IoT devices reducing delays in communication, while FL enables a privacy-aware collaborative learning between IoT while preserving their privacy. FogFed combines two levels of detection, Fog-based IoT attack detection using a binary FL classifier and cloud-based IoT attack detection using a Multiclass FL classifier. The in-depth experiments results with well-known IoT attack/malware using, the UNSW-NB15 datastet, show the significant accuracy (99%) and detection rate (99%), which outperforms centralized ML/DL models, while significantly reducing delays and preserving the privacy.
{"title":"A Low-Latency Fog-based Framework to secure IoT Applications using Collaborative Federated Learning","authors":"Zakaria Abou El Houda, L. Khoukhi, B. Brik","doi":"10.1109/LCN53696.2022.9843315","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843315","url":null,"abstract":"Attacks against the IoT network are increasing rapidly, leading to an exponential growth in the number of unsecured IoT devices. Existing security mechanisms are facing several issues due to the lack of real-time decisions, high energy consumption, and high time delays. In this context, we propose a novel Low-Latency Fog-based Framework, called FogFed, to secure IoT applications using Fog computing and Federated Learning (FL). The fog brings security mechanisms near IoT devices reducing delays in communication, while FL enables a privacy-aware collaborative learning between IoT while preserving their privacy. FogFed combines two levels of detection, Fog-based IoT attack detection using a binary FL classifier and cloud-based IoT attack detection using a Multiclass FL classifier. The in-depth experiments results with well-known IoT attack/malware using, the UNSW-NB15 datastet, show the significant accuracy (99%) and detection rate (99%), which outperforms centralized ML/DL models, while significantly reducing delays and preserving the privacy.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"50 11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130986609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843593
T. Dahanayaka, Zhiyi Wang, Guillaume Jourjon, Suranga Seneviratne
Even though end-to-end encryption was introduced to Domain Name System (DNS) communications to ensure user privacy and there is an increase in adoption of DNS over HTTPS (DoH), prior research has demonstrated that encrypted DNS traffic is vulnerable to traffic analysis attacks. However, these attacks were demonstrated under strong assumptions such as handling only closed-set classification or doing only post-event analysis. In this work we demonstrate traffic analysis attacks on DoH without such strong assumptions. We first show the feasibility of website fingerprinting over DoH traffic and present an inline traffic analysis attack that achieve over 90% accuracy using DoH traces of length as short as ten packets. Next, we propose a novel open-set classification method and achieve over 75% accuracy on both closed-set and open-set samples for the open-set scenario. Finally, we demonstrate that the same attack can be performed without any knowledge on the start of the activity.
{"title":"Inline Traffic Analysis Attacks on DNS over HTTPS","authors":"T. Dahanayaka, Zhiyi Wang, Guillaume Jourjon, Suranga Seneviratne","doi":"10.1109/LCN53696.2022.9843593","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843593","url":null,"abstract":"Even though end-to-end encryption was introduced to Domain Name System (DNS) communications to ensure user privacy and there is an increase in adoption of DNS over HTTPS (DoH), prior research has demonstrated that encrypted DNS traffic is vulnerable to traffic analysis attacks. However, these attacks were demonstrated under strong assumptions such as handling only closed-set classification or doing only post-event analysis. In this work we demonstrate traffic analysis attacks on DoH without such strong assumptions. We first show the feasibility of website fingerprinting over DoH traffic and present an inline traffic analysis attack that achieve over 90% accuracy using DoH traces of length as short as ten packets. Next, we propose a novel open-set classification method and achieve over 75% accuracy on both closed-set and open-set samples for the open-set scenario. Finally, we demonstrate that the same attack can be performed without any knowledge on the start of the activity.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123377732","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-26DOI: 10.1109/LCN53696.2022.9843465
Samuel Kopmann, Hauke Heseding, M. Zitterbart
Fast detection of Distributed Denial of Service attacks is key for establishing appropriate countermeasures in order to protect potential targets. HollywooDDoS applies well-known techniques from movie classification to the challenge of DDoS detection. The proposed approach utilizes a traffic aggregation scheme representing traffic volumes between IP subnets as two-dimensional images, while preserving detection relevant traffic characteristics. These images serve as input for a convolutional neural network, learning IP address space distributions of both background and attack traffic intensities. It is shown that a real-world DDoS attack can be precisely detected on the time scale of milliseconds. We evaluate classification of images without temporal information about attack traffic development to outline the impact of image resolution and aggregation time frames. We then show that attack detection further improves by 17% when utilizing a consecutive series of images capturing traffic dynamics.
{"title":"HollywooDDoS: Detecting Volumetric Attacks in Moving Images of Network Traffic","authors":"Samuel Kopmann, Hauke Heseding, M. Zitterbart","doi":"10.1109/LCN53696.2022.9843465","DOIUrl":"https://doi.org/10.1109/LCN53696.2022.9843465","url":null,"abstract":"Fast detection of Distributed Denial of Service attacks is key for establishing appropriate countermeasures in order to protect potential targets. HollywooDDoS applies well-known techniques from movie classification to the challenge of DDoS detection. The proposed approach utilizes a traffic aggregation scheme representing traffic volumes between IP subnets as two-dimensional images, while preserving detection relevant traffic characteristics. These images serve as input for a convolutional neural network, learning IP address space distributions of both background and attack traffic intensities. It is shown that a real-world DDoS attack can be precisely detected on the time scale of milliseconds. We evaluate classification of images without temporal information about attack traffic development to outline the impact of image resolution and aggregation time frames. We then show that attack detection further improves by 17% when utilizing a consecutive series of images capturing traffic dynamics.","PeriodicalId":303965,"journal":{"name":"2022 IEEE 47th Conference on Local Computer Networks (LCN)","volume":"31 2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123542703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: