Reducing memory footprints in purity estimations of volumetric DDoS traffic aggregates
Abstract:
Distinguishing between attack and legitimate traffic in volumetric DDoS scenarios is challenging. Hierarchical Heavy Hitter algorithms can efficiently monitor high-volume traffic aggregates, but provide no insight into traffic composition. Monitoring complementary traffic features enables classification of traffic aggregates with machine learning, but increases the memory footprint of Hierarchical Heavy Hitter algorithms. Since the performance of these algorithms depends on the efficiency of memory usage, we evaluate feature importance to find a compact feature set for accurate distinction of legitimate and attack traffic.
| Zugehörige Institution(en) am KIT | Institut für Telematik (TM) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 04.09.2023 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000165551 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | 2nd Workshop on Machine Learning & Netwoking (MaLeNe) Proceedings. Co-located with the 5th International Conference on Networked Systems (NetSys 2023), Potsdam, Germany |
| Veranstaltung | 2nd Workshop "Machine Learing & Networking" Proceedings Co-Located with the "International Conference on Networked Systems" (MaLeNe/NETSYS 2023), Potsdam, Deutschland, 04.09.2023 |
| Verlag | Universität Augsburg |
| Externe Relationen | Abstract/Volltext |
| Schlagwörter | Distributed denial of service, hierarchical heavy hitters, machine learning, feature importance |