Real-time monitoring model of DDoS attacks using distance thresholds in Edge cooperation networks

IF 3.8 2区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Mingyue Li , Liudong Zheng , Xiaoxue Ma , Shuang Li
{"title":"Real-time monitoring model of DDoS attacks using distance thresholds in Edge cooperation networks","authors":"Mingyue Li ,&nbsp;Liudong Zheng ,&nbsp;Xiaoxue Ma ,&nbsp;Shuang Li","doi":"10.1016/j.jisa.2025.103972","DOIUrl":null,"url":null,"abstract":"<div><div>Edge networks have an increasing demand for real-time attack detection as the duration of Distributed Denial-of-Service (DDoS) attacks decreases and causes missing of reporting insecure cases. However, the training and testing time of the existing detection model deployed on the edge server side is more expensive and cannot be well applied in practice. In this paper, we propose a real-time monitoring framework for DDoS attacks with edge server-device collaboration to solve these problems. Specifically, the edge server uses the k-means algorithm to represent the model boundaries and builds a separate group of recognition and monitoring models for each device by splitting the feature vectors. Furthermore, each device monitors the generated data in real-time through the model and submits suspicious data to the edge server for analysis. Finally, the server utilizes the k-neighbor algorithm which adds threshold selection and judgment to fine-grained identify updated benign data and specific categories of attack data. Experimental results show that the proposed scheme can effectively monitor benign data and attack data and identify attack types while the train time, test time and storage cost are less than that of the centralized model.</div></div>","PeriodicalId":48638,"journal":{"name":"Journal of Information Security and Applications","volume":"89 ","pages":"Article 103972"},"PeriodicalIF":3.8000,"publicationDate":"2025-01-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Information Security and Applications","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2214212625000109","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Edge networks have an increasing demand for real-time attack detection as the duration of Distributed Denial-of-Service (DDoS) attacks decreases and causes missing of reporting insecure cases. However, the training and testing time of the existing detection model deployed on the edge server side is more expensive and cannot be well applied in practice. In this paper, we propose a real-time monitoring framework for DDoS attacks with edge server-device collaboration to solve these problems. Specifically, the edge server uses the k-means algorithm to represent the model boundaries and builds a separate group of recognition and monitoring models for each device by splitting the feature vectors. Furthermore, each device monitors the generated data in real-time through the model and submits suspicious data to the edge server for analysis. Finally, the server utilizes the k-neighbor algorithm which adds threshold selection and judgment to fine-grained identify updated benign data and specific categories of attack data. Experimental results show that the proposed scheme can effectively monitor benign data and attack data and identify attack types while the train time, test time and storage cost are less than that of the centralized model.
边缘协作网络中基于距离阈值的DDoS攻击实时监控模型
随着DDoS (Distributed Denial-of-Service,分布式拒绝服务)攻击持续时间的减少和不安全案例的漏报,边缘网络对实时攻击检测的需求越来越大。但是,现有的部署在边缘服务器端的检测模型的训练和测试时间比较昂贵,不能很好地应用于实践。在本文中,我们提出了一种基于边缘服务器-设备协作的DDoS攻击实时监控框架来解决这些问题。具体而言,边缘服务器使用k-means算法表示模型边界,并通过拆分特征向量为每个设备构建单独的识别和监控模型组。此外,各设备通过模型实时监控生成的数据,并将可疑数据提交给边缘服务器进行分析。最后,服务器端利用k邻居算法,结合阈值选择和判断,细粒度识别更新的良性数据和特定类别的攻击数据。实验结果表明,该方案能够有效监控良性数据和攻击数据,识别攻击类型,且训练时间、测试时间和存储成本均低于集中式模型。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Journal of Information Security and Applications
Journal of Information Security and Applications Computer Science-Computer Networks and Communications
CiteScore
10.90
自引率
5.40%
发文量
206
审稿时长
56 days
期刊介绍: Journal of Information Security and Applications (JISA) focuses on the original research and practice-driven applications with relevance to information security and applications. JISA provides a common linkage between a vibrant scientific and research community and industry professionals by offering a clear view on modern problems and challenges in information security, as well as identifying promising scientific and "best-practice" solutions. JISA issues offer a balance between original research work and innovative industrial approaches by internationally renowned information security experts and researchers.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信