SAFFIRRE: Selective Aggregate Filtering Through Filter Rule Refinement
Abstract:
Volumetric Distributed Denial of Service attacks send unsolicited high-volume traffic to overwhelm network infrastructures and disrupt service availability. To counteract such attacks, we introduce Selective Aggregate Filtering through Filter Rule Refinement. This novel approach monitors traffic aggregates over the IP address hierarchy with hierarchical heavy hitter algorithms. Based on this, it builds effective droplists for upstream filtering to protect network infrastructures. By estimating attack traffic volumes in traffic aggregates with machine learning, filter rule refinement compensates several drawbacks of hierarchical heavy hitters to achieve low false positive and false negative rates. Furthermore, it enables adaptation to dynamic traffic by tracking filter rule precision over time. We evaluate mitigation effectiveness in dynamic situations with challenging mixed legitimate and attack traffic distributions.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 02.11.2023 |
| Sprache | Englisch |
| Identifikator | ISBN: 979-83-503-3807-2 KITopen-ID: 1000164123 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | 2023 14th International Conference on Network of the Future (NoF), Izmir, 4th-06th October 2023 |
| Veranstaltung | 14th International Conference on Network of the Future (NoF 2023), Izmir, Türkei, 04.10.2023 – 06.10.2023 |
| Verlag | Institute of Electrical and Electronics Engineers (IEEE) |
| Seiten | 42–46 |
| Schlagwörter | distributed denial of service, hierarchical heavy hitters, machine learning |
| Nachgewiesen in | Dimensions Scopus |