Early Detection of Campus Network DDoS Attacks using Predictive Models
Published in | GLOBECOM 2022 - 2022 IEEE Global Communications Conference pp. 3362 - 3367 |
---|---|
Main Authors | , , |
Format | Conference Proceeding |
Language | English |
Published | IEEE 04.12.2022 |
Summary: | DDoS attacks are one of the most threatening types of cyberattacks in the growing number of Internet-based services. In late 2016, a DDoS attack by IoT botnets of up to 1.5 Tbps caused many U.S. websites, including Twitter and Facebook, to become inaccessible. In addition, DDoS attacks are increasing every year, and the volume of attacks is expected to double in 2023, as compared to 2018. To protect services from DDoS attacks, much research has been done on IDS and has discussed methods with higher and more accurate detection. However, many studies use public benchmark datasets rather than real network traffic data, and as a result, their practicality is unknown. Threshold detection is already in place on our campus firewalls, but threshold detection cannot detect attacks until they actually come. In order to detect attacks before they actually come, we propose a system that uses machine learning to detect signs of attacks. In this study, we examined machine learning models for early detection of DDoS attacks using actual logs generated by servers at our campus, which contains about 400 million daily session logs. To ensure the feasibility and applicability of our proposed approach, we tested seven different machine learning methods, including GBDT, which has received much attention recently. A sliding window was also used for feature creation to improve the accuracy of predictive detection. |
---|---|
DOI: | 10.1109/GLOBECOM48099.2022.10000974 |