Detecting DDoS Attacks on the Network Edge: An Information-Theoretic Correlation Analysis

Publications

Detecting DDoS Attacks on the Network Edge: An Information-Theoretic Correlation Analysis

Year : 2023

Publisher : Institute of Electrical and Electronics Engineers Inc.

Source Title : Proceedings - 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom/BigDataSE/CSE/EUC/iSCI 2023

Document Type :

Abstract

Nowadays, edge computing has become part of the Internet of Things (IoT) that plays a vital role in developing smart applications. As the usage of IoT devices significantly increases, at the same time, network edge infrastructure faces several security challenges. Distributed Denial-of-Service (DDoS) attack is one of the most severe threats to edge-cloud services. Therefore, designing a robust mitigating system is unavoidable for the network edge, and it must be able to recognize emerging attacks. This work proposes an anomaly-based DDoS detection approach that combines information-theoretic metrics and multivariate correlation analysis. The information-theoretic metric captures the randomness and complex nature of traffic behaviour. Similarly, multivariate correlation analysis identifies the relationship among traffic features. Combining information metrics and correlation analysis, we generate normal and attack traffic profiles for the training base to estimate density. The generated profiles build on the metrics including Triangle Area Mapping (TAM) with correlation analysis, Renyi’s divergence, covariance, mean, and standard deviation, which enhances the detection performance of the proposed approach. The effectiveness of the proposed approach is evaluated using testbed and benchmark datasets. The results show that the proposed approach achieves 0.17% and 2.32%, and 0.50% higher accuracy compared to the baseline approaches on the testbed, UNSW and CIC-DDoS datasets, respectively.