Attack Mitigation with New Technologies

30/11/2022

Tecnológico de Monterrey has developed a project to mitigate distributed denial-of-service (DDoS) attacks using emerging technologies and artificial intelligence.

Faced with the marked increase in DDoS attacks, a group of researchers decided to conduct this study, focusing particularly on software-defined networks (SDN).

This work made it possible to identify the characteristics of the most important attacks on next-generation network architectures and to develop strategies for the rapid deployment of high-level security policies on the network, said project coordinator Jesus Arturo Pérez.

At the beginning of the year, the number of DDoS attacks had already tripled compared to the same period of 2021 and has continued to grow since the start of the war between Russia and Ukraine. “These attacks are very easy to launch, as there are simple tools that can be used to do so,” Pérez observed.

The goal of the project was to test whether there are substantial differences in attacks targeting IoT devices, and one of its first conclusions was that there are none. “Whether an attack targets or originates in an IoT device does not make a substantial difference, as it is merely a device with an IP address,” the Tecnológico de Monterrey expert added.

The study was conducted in virtualized environments. Now, the researchers are working with the University of the Basque Country (Spain) to test the behavior on physical devices.

The initiative has achieved interesting results. “We identified which models and artificial intelligence techniques are best suited for the identification and mitigation of attacks,” Pérez said.

Generally speaking, models based on deep learning performed better and were more efficient in identifying DDoS attacks than models based on machine learning.

The research team worked with three datasets, two of which focused on DDoS attacks, CIC-2017 and CIC-2019 (high-rate and low-rate attacks), while the third focused on obtaining results for the project and observing the behavior of IoT devices (the BoT-IoT dataset). The experiments varied the number of attackers and the rate of attack connections.

“We achieved excellent results: by testing the dataset we were able to identify 99% of the attacks,” Pérez added.
