A fast all-packets-based DDoS attack detection approach based on network graph and graph kernel. (1st July 2021)
- Record Type:
- Journal Article
- Title:
- A fast all-packets-based DDoS attack detection approach based on network graph and graph kernel. (1st July 2021)
- Main Title:
- A fast all-packets-based DDoS attack detection approach based on network graph and graph kernel
- Authors:
- Liu, Xinqian
Ren, Jiadong
He, Haitao
Zhang, Bing
Song, Chen
Wang, Yunxue
- Abstract:
- Abstract: DDoS attack detection methods play a very important role in protecting computer network security. However, the existing flow-based DDoS attack detection methods face the non-negligible time delay and are not general for different types of DDoS attacks at different rates. In order to fill this research gap, a fast all-packets-based DDoS attack detection approach (FAPDD) is proposed. The FAPDD firstly designs a new time series network graph model to effectively simplify the processing of network traffic handling compared with the flow-based detections. Furthermore, it is the first time that the directed Weisfeiler-Lehman graph kernel is built for measuring the divergence between the current network graph and the normalization network graphs. Due to the new graph model and kernel measurement method to judge network changes, the different types and rates of DDoS attacks can be especially detected. In addition, the dynamic threshold and freezing mechanism are constructed to display standard traffic changes and prevent the pollution of attack traffic to the standard network. Finally, a number of real DDoS attack datasets are applied to evaluate the effectiveness of the proposed method, as well as the overall time efficiency and detection effect. Compared with other methods, the FAPDD can better meet the real-time requirements and achieve good detection effects in different types of DDoS attacks with different attack rates.
Graphical abstract: Figure 2 The overall frame of the fast DDoS attack detection approach.
Highlights: It is the first time to propose a fast DDoS attack detection method to achieve the real-time online attack detection. Based on the interaction between network packets, a simplified network graph model is proposed. A novel directed WL graph kernel method is proposed to measure the divergence between the current network graph and NNGs. The dynamic threshold and freezing mechanism are designed to detect and judge the network divergence. The FAPDD can detect different types of DDoS attacks with different attack rates by evaluating two datasets.
- Is Part Of:
- Journal of network and computer applications. Volume 185(2021)
- Journal:
- Journal of network and computer applications
- Issue:
- Volume 185(2021)
- Issue Display:
- Volume 185, Issue 2021 (2021)
- Year:
- 2021
- Volume:
- 185
- Issue:
- 2021
- Issue Sort Value:
- 2021-0185-2021-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-07-01
- Subjects:
- Network security -- Fast DDoS attack detection -- Network graph based all packets -- Directed weisfeiler-lehman graph kernel -- Dynamic threshold mechanism
Microcomputers -- Periodicals
Computer networks -- Periodicals
Application software -- Periodicals
Micro-ordinateurs -- Périodiques
Réseaux d'ordinateurs -- Périodiques
Logiciels d'application -- Périodiques
Application software
Computer networks
Microcomputers
Periodicals
004.05
004
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10848045
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.jnca.2021.103079
- Languages:
- English
- ISSNs:
- 1084-8045
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5021.410600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16754.xml