LOADING

BCDM : An Early-Stage DDoS Incident Monitoring Mechanism Based on Binary-CNN in IPv6 Network

Wang, Yufu and Wang, Xingwei and Ni, Qiang and Yu, Wenjuan and Huang, Min (2024) BCDM : An Early-Stage DDoS Incident Monitoring Mechanism Based on Binary-CNN in IPv6 Network. IEEE Transactions on Network and Service Management, 21 (5). pp. 5873-5887. ISSN 1932-4537

[thumbnail of Author accepted version]
Text (Author accepted version)
Author_accepted_version.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (1MB)

Abstract

The rapid adoption of IPv6 has increased network access scale while also escalating the threat of Distributed Denial of Service (DDoS) attacks. By the time a DDoS attack is recognized, the overwhelming volume of attack traffic has already made mitigation extremely difficult. Therefore, continuous network monitoring is essential for early warning and defense preparation against DDoS attacks, requiring both sensitive perception of network changes when DDoS occurs and reducing monitoring overhead to adapt to network resource constraints. In this paper, we propose a novel DDoS incident monitoring mechanism that uses macro-level network traffic behavior as a monitoring anchor to detect subtle malicious behavior indicative of the existence of DDoS traffic in the network. This behavior feature can be abstracted from our designed traffic matrix sample by aggregating continuous IPv6 traffic. Compared to IPv4, the fixed-length header of IPv6 allows more efficient packet parsing in preprocessing. As the decision core of monitoring, we construct a lightweight Binary Convolution DDoS Monitoring (BCDM) model, compressed by binarized convolutional filters and hierarchical pooling strategies, which can detect the malicious behavior abstracted from input traffic matrix if DDoS traffic is involved, thereby signaling an ongoing DDoS attack. Experiment on IPv6 replayed CIC-DDoS2019 shows that BCDM, being lightweight in terms of parameter quantity and computational complexity, achieves monitoring accuracies of 90.9%, 96.4%, and 100% when DDoS incident intensities are as low as 6%, 10%, and 15%, respectively, significantly outperforming comparison methods.

Item Type:
Journal Article
Journal or Publication Title:
IEEE Transactions on Network and Service Management
Uncontrolled Keywords:
/dk/atira/pure/subjectarea/asjc/1700/1705
Subjects:
?? computer networks and communicationselectrical and electronic engineering ??
Departments:
Faculty of Science and Technology > School of Computing & Communications
ID Code:
222702
Deposited By:
ep_importer_pure
Deposited On:
06 Aug 2024 11:00
Refereed?:
Yes
Published?:
Published
Last Modified:
15 Jan 2025 02:15
URI:
https://eprints.lancs.ac.uk/id/eprint/222702