Filtering DDoS Attacks from Unlabeled Network Traffic Data Using Online Deep Learning

by Wesley Joon-Wie Tann, et al.

DDoS attacks are simple, effective, and still pose a significant threat even after more than two decades. Given the recent success in machine learning, it is interesting to investigate how we can leverage deep learning to filter out application-layer attack requests. There are challenges in adopting deep learning solutions due to the ever-changing attack profiles, the lack of labeled data, and constraints in the online setting. Offline unsupervised learning methods can sidestep these hurdles by learning an anomaly detector N from the normal-day traffic 𝒩. However, anomaly detection does not exploit information acquired during attacks, and its performance is typically not satisfactory. In this paper, we propose two frameworks that utilize both the historic traffic 𝒩 and the mixture traffic ℳ obtained during attacks, which consists of unlabeled requests. We also introduce a machine learning optimization problem that aims to sift out the attacks using 𝒩 and ℳ. First, our proposed approach, inspired by statistical methods, extends an unsupervised anomaly detector N to solve the problem using estimated conditional probability distributions. We adopt transfer learning to apply N on 𝒩 and ℳ separately and efficiently, combining the results to obtain an online learner. Second, we formulate a specific loss function more suited for deep learning and use iterative training to solve it in the online setting. On publicly available datasets, our online learners achieve a 99.3% improvement on false-positive rates compared to the baseline detection methods. In the offline setting, our approaches are competitive with classifiers trained on labeled data.


