TY - CHAP
T1 - Design and Performance Evaluation of a Two-Stage Detection of DDoS Attacks Using a Trigger with a Feature on Riemannian Manifolds
AU - Lyu, Yang
AU - Feng, Yaokai
AU - Sakurai, Kouichi
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024
Y1 - 2024
N2 - The DDoS attack remains one of the leading attacks today. To reduce the number of resource-consuming detection algorithm calls, the trigger-based two-stage detection approach has been proposed. In such systems, trigger mechanisms, including trigger features and threshold update algorithms, play an important role in detection performance. It is also important what features are used in the second stage of detection. In this study, 1) we introduce a Riemannian manifold metric (work) as a trigger feature for the first time since it was proven that traffic data is a Riemannian manifold; 2) we propose a new mechanism to update the trigger threshold based on historical flow data and the feedback of the second-stage detection results; 3) the feature selection algorithm ECOFS is used for the second stage detection. Experimental results using public datasets show that our proposal calls much less of the second-stage detection than the latest trigger-based two-step detection systems.
AB - The DDoS attack remains one of the leading attacks today. To reduce the number of resource-consuming detection algorithm calls, the trigger-based two-stage detection approach has been proposed. In such systems, trigger mechanisms, including trigger features and threshold update algorithms, play an important role in detection performance. It is also important what features are used in the second stage of detection. In this study, 1) we introduce a Riemannian manifold metric (work) as a trigger feature for the first time since it was proven that traffic data is a Riemannian manifold; 2) we propose a new mechanism to update the trigger threshold based on historical flow data and the feedback of the second-stage detection results; 3) the feature selection algorithm ECOFS is used for the second stage detection. Experimental results using public datasets show that our proposal calls much less of the second-stage detection than the latest trigger-based two-step detection systems.
UR - http://www.scopus.com/inward/record.url?scp=85191292857&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85191292857&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-57916-5_12
DO - 10.1007/978-3-031-57916-5_12
M3 - Chapter
AN - SCOPUS:85191292857
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 133
EP - 144
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer Science and Business Media Deutschland GmbH
ER -