Lightweight DDoS Attack Detection Using Bayesian Space-Time Correlation
DDoS attacks are still one of the primary sources of problems on the Internet and continue to cause significant financial losses for organizations. To mitigate their impact, detection should preferably occur close to the attack origin, e.g., at home routers or edge servers. However, relying on packe...
| Main Authors: | Gabriel Mendonca, Rosa M. M. Leao, Edmundo De Souza E. Silva, Don Towsley |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Access |
| Subjects: | DDoS attacks; network security; Mirai botnet; machine learning algorithms; IoT; Bayesian model |
| Online Access: | https://ieeexplore.ieee.org/document/10937175/ |
| _version_ | 1849736910972387328 |
|---|---|
| author | Gabriel Mendonca; Rosa M. M. Leao; Edmundo De Souza E. Silva; Don Towsley |
| author_sort | Gabriel Mendonca |
| collection | DOAJ |
| description | DDoS attacks are still one of the primary sources of problems on the Internet and continue to cause significant financial losses for organizations. To mitigate their impact, detection should preferably occur close to the attack origin, e.g., at home routers or edge servers. However, relying on packet inspection may bring serious privacy and scalability issues. We propose a lightweight system for DDoS detection that solely employs byte and packet counts from off-the-shelf home routers. To detect attacks with such a limited amount of information, our key insight consists in defining two detection layers: 1) an ML classifier trained with data from real home users and malware; and 2) a Bayesian hierarchical model that exploits the synchronized nature of DDoS attacks by correlating alarms from multiple homes to check the approach in the wild. We collect data on DDoS attacks by generating real attack traffic from the homes of a selected group of volunteers, utilizing authentic malware source code. In that experiment, conducted using the residences of volunteers and over one month, our system detected 99.1% of all DDoS attacks launched, with no false alarms. |
| format | Article |
| id | doaj-art-b1d7c38e929a4e48b0287a3fa665aef0 |
| institution | DOAJ |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-b1d7c38e929a4e48b0287a3fa665aef0; 2025-08-20T03:07:06Z; eng; IEEE; IEEE Access; 2169-3536; 2025-01-01; 13; 55769; 55800; 10.1109/ACCESS.2025.3553742; 10937175; Lightweight DDoS Attack Detection Using Bayesian Space-Time Correlation; Gabriel Mendonca (https://orcid.org/0000-0002-2294-0103; Systems Engineering and Computer Science, Graduate School and Research in Engineering, Federal University of Rio de Janeiro, Rio de Janeiro, Brazil); Rosa M. M. Leao (https://orcid.org/0000-0001-6411-9252; Systems Engineering and Computer Science, Graduate School and Research in Engineering, Federal University of Rio de Janeiro, Rio de Janeiro, Brazil); Edmundo De Souza E. Silva (https://orcid.org/0000-0003-0912-7860; Systems Engineering and Computer Science, Graduate School and Research in Engineering, Federal University of Rio de Janeiro, Rio de Janeiro, Brazil); Don Towsley (https://orcid.org/0000-0002-7808-7375; University of Massachusetts Amherst, Amherst, MA, USA); https://ieeexplore.ieee.org/document/10937175/; DDoS attacks; network security; Mirai botnet; machine learning algorithms; IoT; Bayesian model |
| title | Lightweight DDoS Attack Detection Using Bayesian Space-Time Correlation |
| topic | DDoS attacks; network security; Mirai botnet; machine learning algorithms; IoT; Bayesian model |
| url | https://ieeexplore.ieee.org/document/10937175/ |