Enhanced Security Against Volumetric DDoS Attacks Using Adversarial Machine Learning

Abstract

With the increasing number of Internet users, cybersecurity is becoming more and more critical. Denial of service (DoS) and distributed denial of service (DDoS) attacks are two of the most common types of attacks that can severely affect a website or a server and make them unavailable to other users. The number of DDoS attacks increased by 55% between the period January 2020 and March 2021. Some approaches for detecting the DoS and DDoS attacks employing different machine learning and deep learning techniques are reported in the literature. Recently, it is also observed that the attackers have started leveraging state-of-the-art AI tools such as generative models for generating synthetic attacks which fool the standard detectors. No concrete approach is reported for developing and training the models which are not only robust in the detection of standard DDoS attacks but which can also detect adversarial attacks which are created synthetically by the attackers with harmful intentions. To that end, in this work, we employ a generative adversarial network (GAN) to develop such a robust detector. The proposed framework can generate and classify the synthetic benign (normal) and malignant (DDoS) instances which are very similar to the corresponding real instances as evaluated by similarity scores. The GAN-based model also demonstrates how effectively the malicious actors can generate adversarial DDoS network traffic instances which look like normal instances using feature modification which are very difficult for the classifier to detect. An approach on how to make the classifiers robust enough to detect such kinds of deliberate adversarial attacks via modifying some specific attack features manually is also proposed. This work provides the first step towards developing a generic and robust detector for DDoS attacks originating from various sources.