Authors: Evans Owusu; Mohamed Rahouti; Senthil Kumar Jagatheesaperumal; Kaiqi Xiong; Yufeng Xin; Lu Lu; D. Frank Hsu
DOI: 10.1109/COMST.2024.3488580
Journal: IEEE Communications Surveys and Tutorials, vol. 27, no. 4, pp. 2543-2580
Publication date: 2024-10-30
Publication type: Journal Article
URL: https://ieeexplore.ieee.org/document/10738394/
Online Network DoS/DDoS Detection: Sampling, Change Point Detection, and Machine Learning Methods
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks continue to pose significant threats to networked systems, causing disruptions that can lead to substantial financial losses. These attacks exploit vulnerabilities in network architecture to overwhelm systems, rendering them unavailable to legitimate users. The complexity and evolving nature of DoS/DDoS attacks necessitate advanced detection techniques that can operate effectively in real-time environments. This paper comprehensively examines current methodologies for online DoS/DDoS attack detection. We explore integrating sampling techniques and Change Point Detection (CPD) with Machine Learning (ML) approaches to enhance the detection and identification of DoS/DDoS activities in network traffic. We further assess the various sampling methods and their impact on the performance of online detection, considering both the efficiency and accuracy of these techniques in real-world applications. Lastly, we delve into the challenges of deploying these technologies in operational network environments, highlighting practical implications and future research directions. Our review synthesizes findings from recent studies, providing a critical analysis of existing strategies and proposing a unified framework that leverages CPD, ML, and targeted sampling to improve the resilience of networks against these disruptive cyber threats.
Journal description:
IEEE Communications Surveys & Tutorials is an online journal published by the IEEE Communications Society for tutorials and surveys covering all aspects of the communications field. Telecommunications technology is progressing at a rapid pace, and the IEEE Communications Society is committed to providing researchers and other professionals with the information and tools to stay abreast. IEEE Communications Surveys and Tutorials focuses on integrating and adding understanding to the existing literature on communications, putting results in context. Whether searching for in-depth information about a familiar area or an introduction to a new area, IEEE Communications Surveys & Tutorials aims to be the premier source of peer-reviewed, comprehensive tutorials and surveys, and pointers to further sources. IEEE Communications Surveys & Tutorials publishes only articles written exclusively for IEEE Communications Surveys & Tutorials, and these go through a rigorous review process before their publication in the quarterly issues.
A tutorial article in the IEEE Communications Surveys & Tutorials should be designed to help the reader to become familiar with and learn something specific about a chosen topic. In contrast, the term survey, as applied here, is defined to mean a survey of the literature. A survey article in IEEE Communications Surveys & Tutorials should provide a comprehensive review of developments in a selected area, covering its development from its inception to its current state and beyond, and illustrating its development through liberal citations from the literature. Both tutorials and surveys should be tutorial in nature and should be written in a style comprehensible to readers outside the specialty of the article.