Unsupervised Prediction of DDoS Attacks from Early Warning Signals and One-Class SVM
Abstract
Predicting Distributed Denial of Service (DDoS) attacks is essential because it gives defenders more time to combat an attack. Most DDoS attack prediction solutions rely on labeled data, which is costly to obtain and constrains their application in real environments. This work presents PREDICTOR, a system for predicting DDoS attacks based on the theory of early warning signals and on outlier detection. PREDICTOR mainly aims to reduce the dependence on labeled data. It predicts the attack using the One-Class SVM algorithm, an outlier detector. The results indicate that the prediction occurred 31 minutes before the onset of the attack with an accuracy of 91%.
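To make the abstract's two building blocks concrete, the following is an added illustration (not PREDICTOR's code and not taken from the paper): it computes classical early warning signal features (variance, lag-1 autocorrelation, skewness, coefficient of variation) over a rolling window of a constructed packets-per-second series, fits a one-class outlier detector on an assumed attack-free calibration period, and reports how many minutes before the constructed flood the first persistent alarm fires. The series, the window length, the calibration period and the persistence rule are all assumptions made here. The detector is scikit-learn's OneClassSVM when that library is installed; otherwise a clearly labelled 3-standard-deviation fallback is used so the script still runs offline. The only implicit labeling is the assumption that the calibration period contains no attack, which is the kind of dependence the abstract says PREDICTOR tries to minimise.

```python
"""Early warning signal features plus one-class outlier detection over a
constructed traffic series. Added illustration, not PREDICTOR's own code."""
import math
import random
import statistics

WINDOW = 10           # rolling window length in samples (one sample per minute here)
CALIBRATION_END = 60  # samples [0, 60) are assumed attack-free and used for fitting
PERSISTENCE = 3       # consecutive outlier windows required before raising an alarm
ATTACK_MINUTE = 120   # the constructed series ends just before the flood starts


def lag1_autocorrelation(xs):
    """Lag-1 autocorrelation; it rises as a system approaches a transition."""
    m = statistics.fmean(xs)
    num = sum((a - m) * (b - m) for a, b in zip(xs, xs[1:]))
    den = sum((a - m) ** 2 for a in xs)
    return num / den if den else 0.0


def skewness(xs):
    """Population skewness (third standardised moment); 0 for a constant window."""
    m = statistics.fmean(xs)
    sd = statistics.pstdev(xs)
    if sd == 0:
        return 0.0
    return sum(((a - m) / sd) ** 3 for a in xs) / len(xs)


def ews_features(xs):
    """[variance, lag-1 autocorrelation, skewness, coefficient of variation]."""
    m = statistics.fmean(xs)
    var = statistics.pvariance(xs)
    cv = math.sqrt(var) / m if m else 0.0
    return [var, lag1_autocorrelation(xs), skewness(xs), cv]


def rolling_features(series, window=WINDOW):
    """One feature vector per window; window i ends at sample i + window - 1."""
    return [ews_features(series[i - window + 1:i + 1])
            for i in range(window - 1, len(series))]


def constructed_traffic(seed=7):
    """Constructed packets/s per minute: 80 calm minutes, then 40 minutes in
    which noise, autocorrelation and level all grow before a flood (AR(1) model)."""
    rng = random.Random(seed)
    series, prev = [], 0.0
    for t in range(ATTACK_MINUTE):
        if t < 80:
            phi, sigma, trend = 0.1, 20.0, 0.0
        else:
            k = (t - 80) / 40.0
            phi, sigma, trend = 0.1 + 0.8 * k, 20.0 + 280.0 * k, 600.0 * k
        prev = phi * prev + rng.gauss(0, sigma)
        series.append(1000.0 + trend + prev)
    return series


def standardizer(train):
    """Per-feature z-scoring fitted on the calibration windows only."""
    cols = list(zip(*train))
    means = [statistics.fmean(c) for c in cols]
    sds = [statistics.pstdev(c) or 1.0 for c in cols]
    return lambda v: [(x - mu) / sd for x, mu, sd in zip(v, means, sds)]


def fit_outlier_detector(train_std):
    """Return an 'is outlier' predicate. Uses sklearn's OneClassSVM when it is
    installed; otherwise a labelled fallback flags any feature more than
    3 standard deviations from the calibration mean (not an SVM)."""
    try:
        from sklearn.svm import OneClassSVM
    except ImportError:
        return lambda v: max(abs(x) for x in v) > 3.0
    model = OneClassSVM(kernel="rbf", nu=0.01, gamma="scale").fit(train_std)
    return lambda v: model.predict([v])[0] == -1


def run_predictor(series=None):
    """Fit on calibration windows, scan the rest, return alarm time and lead time."""
    series = series if series is not None else constructed_traffic()
    feats = rolling_features(series)
    train = [f for i, f in enumerate(feats) if i + WINDOW - 1 < CALIBRATION_END]
    scale = standardizer(train)
    is_outlier = fit_outlier_detector([scale(f) for f in train])
    streak, alarm_minute = 0, None
    for i, f in enumerate(feats):
        end = i + WINDOW - 1
        if end < CALIBRATION_END:
            continue
        # the persistence rule suppresses one-off alarms caused by a single spike
        streak = streak + 1 if is_outlier(scale(f)) else 0
        if streak >= PERSISTENCE:
            alarm_minute = end
            break
    lead = ATTACK_MINUTE - alarm_minute if alarm_minute is not None else None
    return {"alarm_minute": alarm_minute, "lead_time_minutes": lead}


if __name__ == "__main__":
    print(run_predictor())
```

Two points worth checking when adapting this to real traffic: the calibration period must genuinely be attack-free, otherwise the detector learns the precursor as normal, and the rolling windows overlap, so a single spike stays in the feature stream for a whole window length; the persistence rule above is a simple guard against that, and the lead time reported is only as good as the false-alarm rate observed on held-out calm traffic.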
