Online Network DoS/DDoS Detection: Sampling, Change Point Detection, and Machine Learning Methods
Evans Owusu, Mohamed Rahouti, Senthil Kumar Jagatheesaperumal, Kaiqi Xiong, Yufeng Xin, Lu Lu, D. Frank Hsu
Abstract
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks continue to pose significant threats to networked systems, causing disruptions that can lead to substantial financial losses. These attacks exploit vulnerabilities in network architecture to overwhelm systems, rendering them unavailable to legitimate users. The complexity and evolving nature of DoS/DDoS attacks necessitate advanced detection techniques that can operate effectively in real-time environments. This paper comprehensively examines current methodologies for online DoS/DDoS attack detection. We explore integrating sampling techniques and Change Point Detection (CPD) with Machine Learning (ML) approaches to enhance the detection and identification of DoS/DDoS activities in network traffic. We further assess the various sampling methods and their impact on the performance of online detection, considering both the efficiency and accuracy of these techniques in real-world applications. Lastly, we delve into the challenges of deploying these technologies in operational network environments, highlighting practical implications and future research directions. Our review synthesizes findings from recent studies, providing a critical analysis of existing strategies and proposing a unified framework that leverages CPD, ML, and targeted sampling to improve the resilience of networks against these disruptive cyber threats.