Zusammenfassung
Volumetric Distributed Denial of Service attacks constitute a significant threat in today’s Internet, as attackers can deny legitimate users access to online services. To mitigate these attacks, i.e., filtering as much attack traffic as possible while preserving legitimate traffic, we propose a novel mitigation approach that copes with large traffic volumes by aggregating ingress network traffic as two-dimensional images. The images serve as input for image segmentation, determining precise IP-based filter rules. Leveraging image segmentation enables powerful machine learning models to achieve high filtering precision. We show the approach’s feasibility by evaluating filtering precision with authentic, real-world traces from CAIDA and MAWI.
This is a preview of subscription content, log in via an institution to check access.
References
Olaf Ronneberger et al. U-net: Convolutional networks for biomedical. image segmentation. CoRR, abs/1505.04597, 2015.
Center for Applied Internet Data Analysis. The caida ucsd ddos attack. https://www.caida.org/catalog/datasets/ddos-20070804 dataset/
MAWI. Backbone trace. 2019. https://mawi.wide.ad.jp/mawi/, samplepoint-F/2019/201909011400.html
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Kopmann, S., Heseding, H. & Zitterbart, M. Toward Joining DDoS Mitigation and Image Segmentation. Datenschutz Datensich 47, 475–477 (2023). https://doi.org/10.1007/s11623-023-1801-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11623-023-1801-1