AI infers DoS mitigation rules

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F22%3A10133497" target="_blank" >RIV/63839172:_____/22:10133497 - isvavai.cz</a>

Výsledek na webu

<a href="https://doi.org/10.1007/s10844-022-00728-2" target="_blank" >https://doi.org/10.1007/s10844-022-00728-2</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1007/s10844-022-00728-2" target="_blank" >10.1007/s10844-022-00728-2</a>

Jazyk výsledku

angličtina

Název v původním jazyce

AI infers DoS mitigation rules

Popis výsledku v původním jazyce

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions. In this article, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is subsequently converted into the filtering rules. We evaluate our approach on several datasets. We experiment with various setups of hyperparameters as well as the various intensity of the attack traffic. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules as well as inferring them in a reasonable time.

Název v anglickém jazyce

AI infers DoS mitigation rules

Popis výsledku anglicky

DDoS attacks still represent a severe threat to network services. While there are more or less workable solutions to defend against these attacks, there is a significant space for further research regarding automation of reactions. In this article, we focus on one piece of the whole puzzle. We strive to automatically infer filtering rules which are specific to the current DoS attack to decrease the time to mitigation. We employ a machine learning technique to create a model of the traffic mix based on observing network traffic during the attack and normal period. The model is subsequently converted into the filtering rules. We evaluate our approach on several datasets. We experiment with various setups of hyperparameters as well as the various intensity of the attack traffic. The results of our experiments show that the proposed approach is feasible in terms of the capability of inferring successful filtering rules as well as inferring them in a reasonable time.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

R - Projekt Ramcoveho programu EK

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

Journal of Intelligent Information Systems

ISSN

1573-7675

e-ISSN

—

Svazek periodika

2022

Číslo periodika v rámci svazku

23 August 2022

Stát vydavatele periodika

NL - Nizozemsko

Počet stran výsledku

20

Strana od-do

1-19

Kód UT WoS článku

000843424300001

EID výsledku v databázi Scopus

—