By attacking (e.g., flooding) the bandwidth or resources of a victim (e.g., a web server) on the Internet from multiple compromised systems (e.g., a botnet), distributed Denial-of-Service (DDoS) attacks disrupt the services of the victim and make it unavailable to its legitimate users. Albeit studied many years already, the detection and mitigation of DDoS attacks continue to be a major challenge.
Recently, researchers from the Center for Cyber Security and Privacy (CCSP), including Ph.D. student Yebo Feng and Prof. Jun Li, have made new progress in this direction. They invented a new approach to detecting DDoS traffic, as well as a new approach to defending against application-layer DDoS (also called L7 DDoS) attacks. By leveraging machine learning techniques (e.g., reinforcement learning, KNN), these innovative approaches have many significant advantages. Their DDoS detection method is adaptable to changes of network environments and provides detection results that are easy to review and verify. Their L7 DDoS defense method can apply appropriate strategies under different conditions to protect the victim.
The paper describing the L7 DDoS defense approach, "Application-Layer DDoS Defense with Reinforcement Learning," has been published in IEEE/ACM 28th International Symposium on Quality of Service (IWQoS 2020). Also, the paper describing the detection of DDoS traffic, "Toward Explainable and Adaptable Detection and Classification of Distributed Denial-of-Service Attacks," has been published in the first KDD Workshop on Deployable Machine Learning for Security Defense (KDD MLHat 2020).
The research is partially funded by the Science and Technology Directorate of the United States Department of Homeland Security under contract number D15PC00204.