Early detection of Crossfire attacks using deep learning

by Saurabh Misra, et al.
Singapore University of Technology and Design

The Crossfire attack is a recently proposed threat designed to disconnect whole geographical areas, such as cities or states, from the Internet. Orchestrated in multiple phases, the attack uses a massively distributed botnet to generate low-rate benign traffic that aims to congest selected network links, the so-called target links. The use of benign traffic, combined with the simultaneous targeting of multiple network links, makes detection of the Crossfire attack a serious challenge. In this paper, we propose a framework for early detection of the Crossfire attack, i.e., detection in the warm-up period of the attack. We propose to monitor traffic at the potential decoy servers and discuss the advantages compared with other monitoring approaches. Since the low-rate attack traffic is very difficult to distinguish from the background traffic, we investigate several deep learning methods to mine the spatiotemporal features for attack detection. We investigate Autoencoder, Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) Network models to detect the Crossfire attack during its warm-up period. We report encouraging experimental results.



