Distributed Denial of Service (DDoS) is one of the most common cyber-attacks and caused several damages in recent years. Such attacks can be executed either through the orchestration of multiple devices that synchronously send requests or through specific patterns followed by a single device to force the victim to keep resources overrun. It becomes crucial to develop robust techniques to promptly detect those two kinds of DDoS attacks and mitigate their consequences. Most of the existing Machine Learning (ML) methods are based on flow and traffic information aggregations expressed in the form of independent vectors of statistical data, ignoring topological connections. Few recent solutions try to exploit the structural information of the network to improve the classification results. In particular, Graph Neural Network (GNN) based models can process traffic-level or flow-level relationships, represented as graphs, to detect malicious patterns.The objective of this paper is to combine the relationships at both the traffic-level and the flow-level by developing a two-level hierarchical graph representation and a GNN model able to process it, maximizing the information brought by the traffic structure and removing the necessity of stateful features. Experiments on the CIC-IDS2017 dataset show that the performances are comparable to the state-of-the-art solutions even using only the traffic structure.

FTG-Net: Hierarchical Flow-to-Traffic Graph Neural Network for DDoS Attack Detection

De Marinis, Lorenzo
;
Cugini, Filippo;Paolucci, Francesco
2023-01-01

Abstract

Distributed Denial of Service (DDoS) is one of the most common cyber-attacks and caused several damages in recent years. Such attacks can be executed either through the orchestration of multiple devices that synchronously send requests or through specific patterns followed by a single device to force the victim to keep resources overrun. It becomes crucial to develop robust techniques to promptly detect those two kinds of DDoS attacks and mitigate their consequences. Most of the existing Machine Learning (ML) methods are based on flow and traffic information aggregations expressed in the form of independent vectors of statistical data, ignoring topological connections. Few recent solutions try to exploit the structural information of the network to improve the classification results. In particular, Graph Neural Network (GNN) based models can process traffic-level or flow-level relationships, represented as graphs, to detect malicious patterns.The objective of this paper is to combine the relationships at both the traffic-level and the flow-level by developing a two-level hierarchical graph representation and a GNN model able to process it, maximizing the information brought by the traffic structure and removing the necessity of stateful features. Experiments on the CIC-IDS2017 dataset show that the performances are comparable to the state-of-the-art solutions even using only the traffic structure.
2023
978-1-6654-7640-9
File in questo prodotto:
File Dimensione Formato  
FTG-Net_Hierarchical_Flow-to-Traffic_Graph_Neural_Network_for_DDoS_Attack_Detection.pdf

solo utenti autorizzati

Tipologia: PDF Editoriale
Licenza: Copyright dell'editore
Dimensione 1.05 MB
Formato Adobe PDF
1.05 MB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11382/562074
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
social impact