Title
Traffic-flow analysis for source-side DDoS recognition on 5G environments
Date Issued
15 June 2019
Access level
metadata only access
Resource Type
journal article
Author(s)
Herranz González A.
Lorenzo Fernández B.
Maestre Vidal D.
Rius García G.
Maestre Vidal J.
Complutense University of Madrid
Publisher(s)
Academic Press
Abstract
This paper introduces a novel approach for detecting the participation of a protected network device in flooding-based Distributed Denial of Service attacks. For this purpose, traffic flows are inspected at the source side, looking for discordant behaviors. In contrast to most previous solutions, the proposal assumes the non-stationarity and heterogeneity inherent in the emergent communication environment. In particular, the approach takes advantage of the monitoring and knowledge acquisition capabilities implemented in the SELFNET (H2020-ICT-2014-2/671672) project, which facilitates its implementation as a self-organizing solution on 5G mobile networks. Monitoring, feature extraction and knowledge acquisition tasks are carried out on a centralized control plane; hence the proposed architecture minimizes the impact on operational performance and promotes end-point mobility. The preliminary results, observed when considering different metrics, adjustment parameters, and a dataset with traffic observed in 61 real devices, proved the approach's efficiency when distinguishing normal activities from DDoS behaviors of different intensity. With an optimal granularity selection, the highest AUC reached values close to 1.0 when measured under the most intense attacks, hence demonstrating optimal TPR and FPR relationships by adapting to the instantiated use cases.
Start page
114
End page
131
Volume
136
Language
English
OECD Knowledge area
Computer and Information Sciences
Computer Science
Subjects
Scopus EID
2-s2.0-85064242953
Source
Journal of Network and Computer Applications
ISSN of the container
10848045
Sponsor(s)
The authors want to thank the support of the SELFNET (A Framework for Self-Organized Network Management in Virtualized and Software Defined Networks) project, which was funded by the European Commission Horizon 2020 Programme under Grant Agreement number H2020-ICT-2014-2/671672.
Jorge Maestre Vidal ( https://jmaestrevidal.com ) is Senior Specialist in Cybersecurity (senior researcher) at Indra, and a member of the Department of Software Engineering and Artificial Intelligence (DISIA) of the Faculty of Computer Science and Engineering at the Complutense University of Madrid (UCM), Spain. He received a Computer Science Engineering degree from the UCM in 2012, a master's degree in Research in Computer Science in 2013, and a PhD in Computer Science in 2018. In 2016 he was Visiting Researcher at Instituto de Telecomunicações (IT), Aveiro, Portugal. His academic experience includes teaching and supervision of final degree projects. In addition, he has participated in projects funded by private organizations (Banco Santander, Safelayer Secure Communications S.A., etc.) and public institutions (EDA, FP7, Horizon 2020, Plan Nacional de I + D + i, Spanish Ministry of Defense, etc.). He was recently a participant in the European projects SELFNET (H2020-ICT-2014-2/671672) and RAMSES (H2020-FCT-04-2015/700326), and he is an occasional collaborator with the 5G-PPP Security WG. His main research interests are Artificial Intelligence, Information Security and emerging Communication Technologies, where he has a significant background demonstrated by publications in several research journals (Knowledge-Based Systems, Swarm and Evolutionary Computation, Journal of Network and Computer Applications, etc.), conferences (ARES, EuroS&P, ICIT, RAID, etc.), participation in international research projects (H2020, COST, CYTED), experience as a peer reviewer (Elsevier, MDPI, IEEE, Adelaide, etc.) and membership of different organizing/technical committees (ICSP-AS, SDN-NGAS, ICQNM, AIR, etc.). He is also an evaluator for the National Fund for Scientific and Technological Development (FONDECYT) of the Chilean National Commission for Scientific and Technological Research (CONICYT).
Sources of information:
Directorio de Producción Científica
Scopus