Detection of VSI-DDoS Attacks on the Edge: A Sequential Modeling Approach

The advent of crucial areas such as smart healthcare and autonomous transportation, bring in new requirements on the computing infrastructure, including higher demand for real-time processing capability with minimized latency and maximized availability. The traditional cloud infrastructure has several deficiencies when meeting such requirements due to its centralization. Edge clouds seems to be the solution for the aforementioned requirements, in which the resources are much closer to the edge devices and provides local computing power and high Quality of Service (QoS). However, there are still security issues that endanger the functionality of edge clouds. One of the recent types of such issues is Very Short Intermittent Distributed Denial of Service (VSI-DDoS) which is a new category of low-rate DDoS attacks that targets both small and large-scale web services. This attack generates very short bursts of HTTP request intermittently towards target services to encounter unexpected degradation of QoS at edge clouds. In this paper, we formulate the problem with a sequence modeling approach to address short intermittent intervals of DDoS attacks during the rendering of services on edge clouds using Long Short-Term Memory (LSTM) with local attention. The proposed approach ameliorates the detection performance by learning from the most important discernible patterns of the sequence data rather than considering complete historical information and hence achieves a more sophisticated model approximation. Experimental results confirm the feasibility of the proposed approach for VSI-DDoS detection on edge clouds and it achieves 2% more accuracy when compared with baseline methods.