Litcius/Paper detail

BACKORDERS

Bruno Loureiro Coelho, Alberto Schaeffer-Filho

202228 citationsDOI

Abstract

Networks and the services they support form the communication backbone of our society, and it is important that potential Distributed Denial of Service (DDoS) attacks are detected quickly, in order to avoid or minimize the impact they may have on the availability of services. Recent technological advances in programmable networks - specifically the programmability of data planes in switches and routers, have made available new ways of detecting such attacks. By relying on this newfound possibility, this paper proposes the utilization of a Random Forest (RF) to aid in quickly and accurately detecting DDoS attacks in a programmable switch. Random forests utilize several classification trees, each of them for independently classifying an input as one of a set of classes. Here, each decision tree will classify a network flow as potentially malicious, i.e. part of a DDoS attack, or a legitimate user flow. Despite utilizing multiple classification trees to improve accuracy, random forests are relatively lightweight, with each tree requiring few and simple computations to arrive at a classification. Our results show that even small RFs, requiring as few as 63 match+action table entries, can achieve F1-Scores of over 90%.

Topics & Concepts

Denial-of-service attackComputer scienceTree (set theory)Decision treeRandom forestComputer networkSet (abstract data type)Table (database)Service (business)Distributed computingComputer securityData miningArtificial intelligenceThe InternetWorld Wide WebEconomyProgramming languageMathematicsEconomicsMathematical analysisNetwork Security and Intrusion DetectionSoftware-Defined Networks and 5GInternet Traffic Analysis and Secure E-voting
BACKORDERS | Litcius