Journal of Network and Computer Applications | 2021

A fast all-packets-based DDoS attack detection approach based on network graph and graph kernel


Abstract


DDoS attack detection methods play a very important role in protecting computer network security. However, existing flow-based DDoS attack detection methods suffer from non-negligible time delay and do not generalize across different types of DDoS attacks at different rates. To fill this research gap, a fast all-packets-based DDoS attack detection approach (FAPDD) is proposed. FAPDD first designs a new time series network graph model that simplifies the handling of network traffic compared with flow-based detection. Furthermore, the directed Weisfeiler-Lehman graph kernel is introduced, for the first time, to measure the divergence between the current network graph and the normalization network graphs. Because the new graph model and the kernel measurement are used together to judge network changes, DDoS attacks of different types and rates can be detected. In addition, a dynamic threshold and a freezing mechanism are constructed to reflect changes in standard traffic and to prevent attack traffic from polluting the standard network. Finally, a number of real DDoS attack datasets are used to evaluate the effectiveness of the proposed method, as well as its overall time efficiency and detection effect. Compared with other methods, FAPDD better meets real-time requirements and achieves good detection results on different types of DDoS attacks at different attack rates.

DOI 10.1016/J.JNCA.2021.103079
Language English
Journal Journal of Network and Computer Applications
