Novel time-series based DDOS attack detection schemes for traditional networks and software defined networks

Abstract

Distributed Denial of Service (DDoS) attacks are always one of the most signifi cant threats for computer networks since they affect the user satisfaction by degrading the availability of on-line services. Although some countermeasures such as Intrusion Detection Systems (IDSs) provide effective mechanisms to discriminate various types of DDoS attacks, they become impotent of detection when bogus packets similar to normal ones are dispatched by the attacker. One promising approach for the DDoS detection in traditional networks is to use the time-series representation of the network traffic while analyzing the incoming packets. Particularly, discriminating features are extracted from the representation of the traffic flow in order to be used with several data analytic techniques such as statistical measures or machine learning algorithms. In this thesis, we first improve the previous works in the literature for the traditional networks by introducing three methods using frequency domain analysis and statistical measures. Later, we extend our findings for SDNs and we propose three different DDoS detection and countermeasure schemes for SDN by employing: (i) Auto-Regressive Integrated Moving Average and a dynamic thresholding method, (ii) Discrete Wavelet Transform and Auto-Encoder Networks, and (iii) Continuous Wavelet Transform and Convolu tional Neural Network. Experimental results show that proposed schemes have high detection and low false alarm rates. Finally, we compare proposed schemes in terms of their attack detection performance and computational complexity cost analysis.