Using learning time as metrics: an artificial intelligence driven risk assess framework to evaluate DDoS cyber attack

The cloud computing and Internet of Things (IoT) have become two key technologies to meet future business requirements. However, a massive scale of Distributed Denial-of-Service (DDoS) has been widely applied to congest network critical links and to paralyze the cloud and IoT service. This is mainly...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of intelligent & fuzzy systems 2021-01, Vol.40 (4), p.7691-7699
Hauptverfasser: Chen, Yen-Hung, Chang, Arthur, Huang, ChunWei
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The cloud computing and Internet of Things (IoT) have become two key technologies to meet future business requirements. However, a massive scale of Distributed Denial-of-Service (DDoS) has been widely applied to congest network critical links and to paralyze the cloud and IoT service. This is mainly due to DDoS is easily implemented, obfuscated, and occulted by launching large-scale legitimate low-speed flows and rolling target links to paralyze target network areas. Many metrics and risk access management frameworks to evaluate the impact of DDoS are proposed. However, they all lack time granularity to evaluate the cost of different scales of attacks in IoT or large-scale network structure. This study proposes an AI Driven Evaluation framework, called ADE, that applies Convolution Neural Networks to statistically evaluate the network status through end-to-end functionality (Input: network status; Output: DDoS detected or not) without any manual intervention. ADE provides quantitative security risk analysis by using learning time as the control variable, network structure as the independent variable, and time to identify DDoS as the dependent variable. The learning time to detect DDoS event and recover the system is then applied to evaluate the scale of this DDoS, the reasonability of the regulated RTO, and the vulnerability of the current net-work topology and the improvement due to the new security solution. The experiment results demonstrate the contributions of ADE are (1) providing objective and quantitative analytical security risk assessment indicator, (2) providing an autonomic DDoS defense framework without any manual intervention which allows cloud computing and Internet of Things company focuses on their service and leaves security defending to ADE, and (3) demonstrating the possibility of AI assisted risk assessment which enables security defense solution buyer with less security domain experts to evaluate suitable network defense strategy.
ISSN:1064-1246
1875-8967
DOI:10.3233/JIFS-189589