DoS and DDoS attacks have been growing in size and number over the last decade and existing solutions to mitigate these attacks are in general inefficient. Compared to other types of malicious cyber attacks, DoS and DDoS attacks are particularly more challenging to combat. With their ability to mask themselves as legitimate traffic, developing methods to detect these types of attacks on a packet or flow level, has proven to be a difficult task. In this paper, we explore the potential of Variational Autoencoders to serve as a component within an intelligent security solution that differentiates between normal and malicious traffic. Two methods based on the ability of Variational Autoencoders to learn latent representations from network traffic flows are proposed. The first method resorts to a classifier based on the latent encodings obtained from Variational Autoencoders learned from traffic traces. The second method is rather an anomaly detection method where the Variational Autoencoder is used to learn the abstract feature representations of exclusively legitimate traffic. Then anomalies are filtered out by relying on the reconstruction loss of the Variational Autoencoder. Both of the proposed methods have been thoroughly tested on two separate datasets with a similar feature space. The results show that both methods are promising, with a slight superiority of the classifier based method over the anomaly based one. %that the first method is able to successfully detect individual traffic flows with high precision on the training and validation data, slightly less successfully on the test data. For the second method, the Variational Autoencoder will require further adjustments to be able to sufficiently filter out anomalies from network traffic flows.
翻译:过去十年来,DoS 和 DDoS 袭击的规模和数量一直在增加,缓解这些袭击的现有解决方案总的来说是低效的。 与其他类型的恶意网络袭击相比, DoS 和 DDoS 袭击尤其具有更大的战斗挑战性。 由于它们能够将自己伪装成合法交通,因此开发在包装或流量水平上检测这些类型的袭击的方法是一项困难的任务。 在本文中, 我们探索Variational Autencoders 的潜力, 将之作为智能安全解决方案的一部分, 从而区分正常交通和恶意交通。 根据Variational Autoencoder 的能力, 两种方法可以从网络流量中学习潜变异的表达方式。 与Variational Autoconder 相比, 两种方法都更难。 使用Variational Autoencoder 的方法, 一种方法可以彻底测试, 一种方法可以顺利地检测, 一种方法可以追溯性地检测。