BCDM: An Early-Stage DDoS Incident Monitoring Mechanism Based on Binary-CNN in IPv6 Network

IF 4.7 2区 计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Yufu Wang;Xingwei Wang;Qiang Ni;Wenjuan Yu;Min Huang
{"title":"BCDM: An Early-Stage DDoS Incident Monitoring Mechanism Based on Binary-CNN in IPv6 Network","authors":"Yufu Wang;Xingwei Wang;Qiang Ni;Wenjuan Yu;Min Huang","doi":"10.1109/TNSM.2024.3431701","DOIUrl":null,"url":null,"abstract":"The rapid adoption of IPv6 has increased network access scale while also escalating the threat of Distributed Denial of Service (DDoS) attacks. By the time a DDoS attack is recognized, the overwhelming volume of attack traffic has already made mitigation extremely difficult. Therefore, continuous network monitoring is essential for early warning and defense preparation against DDoS attacks, requiring both sensitive perception of network changes when DDoS occurs and reducing monitoring overhead to adapt to network resource constraints. In this paper, we propose a novel DDoS incident monitoring mechanism that uses macro-level network traffic behavior as a monitoring anchor to detect subtle malicious behavior indicative of the existence of DDoS traffic in the network. This behavior feature can be abstracted from our designed traffic matrix sample by aggregating continuous IPv6 traffic. Compared to IPv4, the fixed-length header of IPv6 allows more efficient packet parsing in preprocessing. As the decision core of monitoring, we construct a lightweight Binary Convolution DDoS Monitoring (BCDM) model, compressed by binarized convolutional filters and hierarchical pooling strategies, which can detect the malicious behavior abstracted from input traffic matrix if DDoS traffic is involved, thereby signaling an ongoing DDoS attack. Experiment on IPv6 replayed CIC-DDoS2019 shows that BCDM, being lightweight in terms of parameter quantity and computational complexity, achieves monitoring accuracies of 90.9%, 96.4%, and 100% when DDoS incident intensities are as low as 6%, 10%, and 15%, respectively, significantly outperforming comparison methods.","PeriodicalId":13423,"journal":{"name":"IEEE Transactions on Network and Service Management","volume":"21 5","pages":"5873-5887"},"PeriodicalIF":4.7000,"publicationDate":"2024-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Network and Service Management","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10606044/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

The rapid adoption of IPv6 has increased network access scale while also escalating the threat of Distributed Denial of Service (DDoS) attacks. By the time a DDoS attack is recognized, the overwhelming volume of attack traffic has already made mitigation extremely difficult. Therefore, continuous network monitoring is essential for early warning and defense preparation against DDoS attacks, requiring both sensitive perception of network changes when DDoS occurs and reducing monitoring overhead to adapt to network resource constraints. In this paper, we propose a novel DDoS incident monitoring mechanism that uses macro-level network traffic behavior as a monitoring anchor to detect subtle malicious behavior indicative of the existence of DDoS traffic in the network. This behavior feature can be abstracted from our designed traffic matrix sample by aggregating continuous IPv6 traffic. Compared to IPv4, the fixed-length header of IPv6 allows more efficient packet parsing in preprocessing. As the decision core of monitoring, we construct a lightweight Binary Convolution DDoS Monitoring (BCDM) model, compressed by binarized convolutional filters and hierarchical pooling strategies, which can detect the malicious behavior abstracted from input traffic matrix if DDoS traffic is involved, thereby signaling an ongoing DDoS attack. Experiment on IPv6 replayed CIC-DDoS2019 shows that BCDM, being lightweight in terms of parameter quantity and computational complexity, achieves monitoring accuracies of 90.9%, 96.4%, and 100% when DDoS incident intensities are as low as 6%, 10%, and 15%, respectively, significantly outperforming comparison methods.
BCDM:基于二进制网络的 IPv6 网络 DDoS 事件早期监控机制
IPv6 的快速应用在扩大网络访问规模的同时,也加剧了分布式拒绝服务(DDoS)攻击的威胁。当 DDoS 攻击被识别出来时,巨大的攻击流量已经使缓解变得极为困难。因此,持续的网络监控对于针对 DDoS 攻击的早期预警和防御准备至关重要,既需要在 DDoS 发生时敏锐地感知网络变化,又需要减少监控开销以适应网络资源限制。在本文中,我们提出了一种新颖的 DDoS 事件监控机制,该机制使用宏观层面的网络流量行为作为监控锚,以检测表明网络中存在 DDoS 流量的细微恶意行为。这种行为特征可以通过聚合连续的 IPv6 流量从我们设计的流量矩阵样本中抽象出来。与 IPv4 相比,IPv6 的固定长度报头允许在预处理中更有效地解析数据包。作为监控的决策核心,我们构建了一个轻量级二值化卷积 DDoS 监控(BCDM)模型,该模型由二值化卷积滤波器和分层池策略压缩而成,可检测从输入流量矩阵中抽象出的是否涉及 DDoS 流量的恶意行为,从而发出正在进行的 DDoS 攻击信号。在 IPv6 重放 CIC-DDoS2019 上的实验表明,BCDM 在参数数量和计算复杂度方面都很轻便,当 DDoS 事件强度低至 6%、10% 和 15%时,其监测准确率分别达到 90.9%、96.4% 和 100%,明显优于对比方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
IEEE Transactions on Network and Service Management
IEEE Transactions on Network and Service Management Computer Science-Computer Networks and Communications
CiteScore
9.30
自引率
15.10%
发文量
325
期刊介绍: IEEE Transactions on Network and Service Management will publish (online only) peerreviewed archival quality papers that advance the state-of-the-art and practical applications of network and service management. Theoretical research contributions (presenting new concepts and techniques) and applied contributions (reporting on experiences and experiments with actual systems) will be encouraged. These transactions will focus on the key technical issues related to: Management Models, Architectures and Frameworks; Service Provisioning, Reliability and Quality Assurance; Management Functions; Enabling Technologies; Information and Communication Models; Policies; Applications and Case Studies; Emerging Technologies and Standards.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信