Towards Inference of DDoS Mitigation Rules

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F22%3A10133463" target="_blank" >RIV/63839172:_____/22:10133463 - isvavai.cz</a>

Výsledek na webu

<a href="https://ieeexplore.ieee.org/document/9789798" target="_blank" >https://ieeexplore.ieee.org/document/9789798</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/NOMS54207.2022.9789798" target="_blank" >10.1109/NOMS54207.2022.9789798</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Towards Inference of DDoS Mitigation Rules

Popis výsledku v původním jazyce

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions and subsequent management. In this paper, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is converted into the filtering rules. We evaluate our approach with various setups of hyperparameters. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules.

Název v anglickém jazyce

Towards Inference of DDoS Mitigation Rules

Popis výsledku anglicky

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions and subsequent management. In this paper, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is converted into the filtering rules. We evaluate our approach with various setups of hyperparameters. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/VI20192022137" target="_blank" >VI20192022137: Adaptivní ochrana před DDoS útoky</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the IEEE/IFIP Network Operations and Management Symposium 2022

ISBN

978-1-66540-601-7

ISSN

2374-9709

e-ISSN

—

Počet stran výsledku

5

Strana od-do

1-5

Název nakladatele

Institute of Electrical and Electronics Engineers Inc.

Místo vydání

Budapest, Hungary

Místo konání akce

Budapest, Hungary

Datum konání akce

25. 4. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000851572700054