Date of Award
Doctor of Philosophy (PhD)
Robert W. Harrison
Distributed denial of service attacks threaten the security and health of the Internet. These attacks continue to grow in scale and potency. Remediation relies on up-to-date and accurate attack signatures. Signature-based detection is relatively inexpensive computationally. Yet, signatures are inflexible when small variations exist in the attack vector. Attackers exploit this rigidity by altering their attacks to bypass the signatures. The constant need to stay one step ahead of attackers using signatures demonstrates a clear need for better methods of detecting DDoS attacks. In this research, we examine the application of machine learning models to real network data for the purpose of classifying attacks. During training, the models build a representation of their input data. This eliminates any reliance on attack signatures and allows for accurate classification of attacks even when they are slightly modified to evade detection. In the course of our research, we found a significant problem when applying conventional machine learning models. Network traffic, whether benign or malicious, is temporal in nature. This results in differences in its characteristics between any significant time span. These differences cause conventional models to fail at classifying the traffic. We then turned to deep learning models. We obtained a significant improvement in performance, regardless of time span. In this research, we also introduce a new method of transforming traffic data into spectrogram images. This technique provides a way to better distinguish different types of traffic. Finally, we introduce a framework for embedding attack detection in real-world applications.
Freas, Christopher, "Detection and Prediction of Distributed Denial of Service Attacks using Deep Learning." Dissertation, Georgia State University, 2021.
File Upload Confirmation
Available for download on Friday, April 22, 2022