IDAD: An improved tensor train based distributed DDoS attack detection framework and its application in complex networks

Bibliographic Details
Published in: Future generation computer systems 2025-01, Vol.162, p.107471, Article 107471
Main Authors: Fan, Qiyuan; Li, Xue; Wang, Puming; Jin, Xin; Yao, Shaowen; Miao, Shengfa; An, Min; Zhao, Yuqing
Format: Article
Language: English
Description
Summary: With the vigorous development of Internet technology, the scale of systems in the network has increased sharply, which provides a great opportunity for potential attacks, especially the Distributed Denial of Service (DDoS) attack. In this case, detecting DDoS attacks is critical to system security. However, current detection methods exhibit limitations, leading to compromises in accuracy and efficiency. To cope with it, three key strategies are implemented in this paper: (i) Using tensors to model large-scale and heterogeneous data in complex networks; (ii) Proposing a denoising algorithm based on the improved and distributed tensor train (IDTT) decomposition, which optimizes the tensor train (TT) decomposition in terms of parallel computation and low-rank estimation; (iii) Combining (i), (ii) and the Light Gradient Boosting Machine (LightGBM) classification model, an efficient DDoS attack detection framework is proposed. Datasets CIC-DDoS2019 and NSL-KDD are used to evaluate the framework, and results demonstrate that accuracy can reach 99.19% while having the characteristics of low storage consumption and a good speedup ratio.

• We propose a denoising algorithm based on IDTT, which solves the inefficiency of traditional TT decomposition through low-rank estimation and distributed computing.
• We propose a framework for DDoS attack detection by combining three aspects: data preprocessing, data denoising, data classification.
ISSN: 0167-739X
DOI: 10.1016/j.future.2024.07.049