Attack Mitigation with New Technologies
30/11/2022
Tecnológico de Monterrey has developed a project to mitigate distributed denial-of-service (DDoS) attacks using emerging technologies and artificial intelligence.
Faced with the marked increase in DDoS attacks, a group of researchers decided to conduct this study, focusing in particular on software-defined networking (SDN).
This work made it possible to identify the characteristics of the most important attacks on next-generation network architectures and to develop strategies for the rapid deployment of high-level security policies on the network, said project coordinator Jesus Arturo Pérez.
At the beginning of the year, the number of DDoS attacks had already tripled compared to the same period of 2021 and has continued to grow since the start of the war between Russia and Ukraine. “These attacks are very easy to launch, as there are simple tools that can be used to do so,” Pérez observed.
The goal of the project was to test whether there are substantial differences in attacks targeting IoT devices, and one of its first conclusions was that there are none. “Whether an attack targets or originates in an IoT device does not make a substantial difference, as it is merely a device with an IP address,” the Tecnológico de Monterrey expert added.
The study was conducted in virtualized environments. Now, the researchers are working with the University of the Basque Country (Spain) to test the behavior on physical devices.
The initiative has achieved interesting results. “We identified which models and artificial intelligence techniques are best suited for the identification and mitigation of attacks,” Pérez said.
Generally speaking, deep-learning models performed better and were more efficient at identifying DDoS attacks than classical (non-deep) machine-learning models.
The research team worked with three datasets, two of which focused on DDoS attacks, CIC-2017 and CIC-2019 (high-rate and low-rate attacks), while the third, the BoT-IoT dataset, was used to obtain results for the project and observe the behavior of IoT devices. The experiments varied the number of attackers and the rate of attack connections.
“We achieved excellent results: by testing the dataset we were able to identify 99% of the attacks,” Pérez added.
Likewise, the IPS mitigated low-rate DDoS attacks with 100% success for some attackers. “The results show that the proposed architecture provides effective responses to malicious and legitimate connections,” the expert noted.
Another goal of the project is the autonomy of the overall architecture, that is, allowing decisions to be made automatically, without human intervention. “We often depend on an administrator to block the traffic of an attack,” Pérez explained.
If the architecture made up of the IDS and the IPS can make decisions on its own, the system gains autonomy: it no longer has to wait for a human operator to act.
Pérez highlighted the project’s contribution: an automated, scalable architecture that identifies both high-rate and low-rate attacks.
He confirmed that distributed denial-of-service attacks are difficult to mitigate with existing defense tools, which is why the team set out to find a new modular, flexible, and scalable solution that can provide effective responses to both legitimate and malicious connections.
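As an added illustration of the closed loop the text describes (this is not the project's code; the page does not describe its deep-learning model or its SDN controller), the Python sketch below uses a simple per-source rate rule as a stand-in for the detector and an in-memory flow table as a stand-in for an OpenFlow controller. The thresholds, addresses and traffic records are all constructed for the example: the point is that a verdict from the IDS stage becomes a drop rule pushed by the IPS stage without an operator in the loop, while a legitimate client's flows are left alone.

```python
"""Closed-loop IDS -> IPS mitigation sketch for an SDN environment.

Constructed, hypothetical example. The detector is a rate rule standing in
for a trained model; the Controller is an in-memory stand-in for an
OpenFlow controller's flow table. Thresholds below are assumed values.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

WINDOW_S = 1.0             # sliding window for the new-flow rate feature (assumed)
HIGH_RATE_NEW_FLOWS = 50   # new flows/second from one source that counts as a flood (assumed)
LOW_RATE_MIN_CONNS = 20    # idle connections from one source that counts as a slow attack (assumed)
LOW_RATE_MAX_PKTS = 2      # a connection with this many packets or fewer is "idle" (assumed)


@dataclass
class Flow:
    """One flow record as an IDS would see it (constructed format)."""
    ts: float        # start time in seconds
    src: str
    dst: str
    dport: int
    packets: int


@dataclass
class Controller:
    """Stand-in for an SDN controller: a list of OpenFlow-style rules."""
    table: List[dict] = field(default_factory=list)

    def add_drop_rule(self, src: str, priority: int = 100, idle_timeout: int = 60) -> dict:
        # An empty action list is the OpenFlow idiom for "drop".
        rule = {"match": {"ipv4_src": src}, "actions": [],
                "priority": priority, "idle_timeout": idle_timeout}
        if rule not in self.table:
            self.table.append(rule)
        return rule

    def is_dropped(self, src: str) -> bool:
        return any(r["match"].get("ipv4_src") == src and not r["actions"] for r in self.table)


def peak_new_flow_rate(timestamps: List[float]) -> float:
    """Highest number of new flows seen in any WINDOW_S-long window, per second."""
    ts = sorted(timestamps)
    best, lo = 0, 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > WINDOW_S:
            lo += 1
        best = max(best, hi - lo + 1)
    return best / WINDOW_S


def per_source_features(flows: List[Flow]) -> Dict[str, dict]:
    """Aggregate flow records into the per-source features the detector uses."""
    by_src: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)
    return {
        src: {
            "peak_rate": peak_new_flow_rate([f.ts for f in fs]),
            "idle_conns": sum(1 for f in fs if f.packets <= LOW_RATE_MAX_PKTS),
            "flows": len(fs),
        }
        for src, fs in by_src.items()
    }


def classify(feat: dict) -> Optional[str]:
    """IDS stage (stand-in rule): label a source as a high-rate flood, a low-rate
    attack (many near-idle connections), or None for legitimate traffic."""
    if feat["peak_rate"] >= HIGH_RATE_NEW_FLOWS:
        return "high-rate"
    if feat["idle_conns"] >= LOW_RATE_MIN_CONNS:
        return "low-rate"
    return None


def mitigate(flows: List[Flow], controller: Controller) -> Dict[str, str]:
    """IPS stage: turn every attack verdict into a drop rule, with no operator step."""
    verdicts = {}
    for src, feat in per_source_features(flows).items():
        label = classify(feat)
        if label is not None:
            controller.add_drop_rule(src)
            verdicts[src] = label
    return verdicts


def constructed_traffic() -> List[Flow]:
    """Constructed sample: one legitimate client, one flood, one slow attacker."""
    flows = []
    for i in range(5):   # legitimate client: a few full sessions
        flows.append(Flow(ts=i * 1.5, src="10.0.0.5", dst="10.0.0.80", dport=443, packets=40))
    for i in range(120):  # high-rate flood: 120 one-packet attempts in half a second
        flows.append(Flow(ts=3.0 + i * 0.004, src="203.0.113.7", dst="10.0.0.80", dport=80, packets=1))
    for i in range(30):   # low-rate attack: 30 idle connections trickled over ten seconds
        flows.append(Flow(ts=i / 3.0, src="198.51.100.9", dst="10.0.0.80", dport=80, packets=1))
    return flows


if __name__ == "__main__":
    ctl = Controller()
    print(mitigate(constructed_traffic(), ctl))   # {'203.0.113.7': 'high-rate', '198.51.100.9': 'low-rate'}
    print(ctl.table)
```

The split matters for the low-rate case: the slow attacker never exceeds a few new flows per second, so a pure rate threshold would miss it, and it is the count of near-idle connections that triggers the verdict. Swapping `classify` for a trained model changes nothing in the IPS stage, which is the property that lets the loop run without an administrator.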
This project by the Monterrey Institute of Technology and Higher Studies received a FRIDA grant in 2021.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.