A spatiotemporal-oriented deep ensemble learning model to defend link flooding attacks in iot network

Abstract

(1) Background: Link flooding attacks (LFA) are a spatiotemporal attack pattern of distributed denial-of-service (DDoS) that arranges bots to send low-speed traffic to backbone links and par-alyze servers in the target area. (2) Problem: The traditional methods to defend against LFA are heu-ristic and cannot reflect the changing characteristics of LFA over time; the AI-based methods only de-tect the presence of LFA without considering the spatiotemporal series attack pattern and defense sug-gestion. (3) Methods: This study designs a deep ensemble learning model (Stacking-based integrated Convolutional neural network–Long short term memory model, SCL) to defend against LFA: (a) com-bining continuous network status as an input to represent “continuous/combination attacking action” and to help CNN operation to extract features of spatiotemporal attack pattern; (b) applying LSTM to periodically review the current evolved LFA patterns and drop the obsolete ones to ensure decision accuracy and confidence; (c) stacking System Detector and LFA Mitigator module instead of only one module to couple with LFA detection and mediation at the same time. (4) Results: The simulation results show that the accuracy rate of SCL successfully blocking LFA is 92.95%, which is 60.81% higher than the traditional method. (5) Outcomes: This study demonstrates the potential and suggested de-velopment trait of deep ensemble learning on network security.