Attention Based Collaborative Source-Side DDoS Attack Detection

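  • 김휘수 (Corporate Research Institute, 나눔테크 Co., Ltd.)
  • 정송헌 (Interdisciplinary Program of Information Security, Chonnam National University)
  • 김경백 (School of Artificial Intelligence / Department of Software Engineering, Chonnam National University)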
  • Received : 2023.12.26
  • Accepted : 2024.02.26
  • Published : 2024.04.30

Abstract

The evolution of Distributed Denial of Service (DDoS) attack methods has made detection more difficult. Source-side detection was proposed as one solution to the problems caused by the limitations of existing victim-side detection, but its performance degrades because of irregularities in network traffic. To address this, research has been conducted on detecting attacks with an artificial-intelligence-based collaborative network among several nodes. Existing methods have shown limitations, especially in nonlinear traffic environments with high burstiness and jitter. To overcome this problem, this paper presents a collaborative source-side DDoS attack detection technique that introduces an attention mechanism. The proposed method aggregates detection results from multiple sources and assigns a weight to each region, which makes it possible to effectively detect both overall attacks and attacks confined to a small number of regions. In particular, on a nonlinear traffic dataset it shows a low false positive rate of about 6% and a high detection rate improved by up to 4.3%, and it also improves the detection of attacks in a small number of regions compared with methods that showed limitations in the existing nonlinear traffic environment.

Keywords

Acknowledgement

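This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP), funded by the Korean government (Ministry of Science and ICT), under the Innovative Human Resource Development for Local Intellectualization program (IITP-2024-00156287, 50%), and by research conducted in 2022 with IITP support funded by the Korean government (Ministry of Science and ICT) (IITP-2022-0-01203, 50%).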
