Abstract: Expert-driven labeling of network traffic for Denial of Service (DoS) detection is error prone and prohibitively expensive in large-scale environments, such as Internet Service Provider (ISP) networks. However, supervised Machine Learning-based (ML) DoS detection approaches require high-quality and up-to-date training data sets. To ensure fast and high-quality data set creation for ML model training while facing evolving traffic patterns in the legitimate and the attack traffic, there is a need for a
labeling approach without an expert in the loop. This presentation outlines FeADable, a retrospective and fully autonomous labeling approach that leverages autoencoders to distinguish between legitimate and attack traffic based on reported feedback about occurred attacks. FeADable enables the scalable labeling of application layer DoS attacks and volumetric Distributed DoS (DDoS) attacks with near-perfect precision and false-positive feedback resilience, which ensures fast retraining of deployed detection models in response to successful attacks. The presentation covers evaluation results of FeADable with authentic, real-world data sets that are publicly available, i.e., from the Canadian Institute for Cybersecurity, and with network traffic of a tier-1 ISP. I will further outline FeADable’s compatibility with different monitoring approaches, i.e., micro-flows and traffic aggregates, to emphasize its labeling capability of DoS traffic independent of the traffic representation.
About Cookies
Our website uses cookies to ensure you get the best experience on our website, for analytical purposes, to provide social media features, and for targeted advertising. This it is necessary in order to pass information on to respective service providers. If you would like additional information about cookies on this website, please see our Data Protection Declaration.
-
These cookies are required to help our website run smoothly.
Name Purpose Lifetime Type Provider wordpress_test_cookie Testing-Cookie to check whether cookies are allowed. 1 Year HTTP Homepage TUW PHPSESSID Used by WordPress to retain the state of your current user session for all page requests. Session HTTP Homepage TUW wordpress_logged_in_{hash} Used by Wordpress to keep users logged in. {hash} represents an unique user token. 1 Year HTTP Homepage TUW wp-settings-time-{id} Used to customize your view of admin interface, and possibly also the main site interface. 1 Year HTTP Homepage TUW wordpress_sec_{hash} This cookie is used to store your authentication details. Its use is limited to the admin console area. {hash} represents an unique user token. 1 Year HTTP Homepage TUW wp-settings-{id} Used to customize your view of admin interface, and possibly also the main site interface. 1 Year HTTP Homepage TUW wp-wpml_current_language Stores the current language. This cookie is enabled by default on sites that use the Language filtering for AJAX operations feature. 1 Day HTTP Homepage TUW wp-wpml_current_admin_language_{hash} Stores the current WordPress administration area language. {hash} represents an unique user token. 1 Day HTTP Homepage TUW CookieConsent_117a3e Saves your settings for the use of cookies on this website. 1 Year HTML Homepage TUW -
These cookies help us to continuously improve our services and adapt our website to your needs. We statistically evaluate the pseudonymized data collected from our website.
Name Purpose Lifetime Type Provider _pk_id.136.56ce Used to store a few details about the user such as the unique visitor ID. 13 months HTML Matomo TUW _pk_ref Is used to store the information of the users home website. 6 months HTML Matomo TUW _pk_ses.136.56ce Is needed to store temporary data of the visit. 30 minutes HTML Matomo TUW