Among the several threats to the Internet and its underlying systems, Distributed Denial-of-Service (DDoS) attacks continue to be one of the most significant challenges to the availability of Internet services. The year 2022 registered unprecedented attacks in terms of requests per second. For example, an attack on CloudFlare's infrastructure hit its peak at 26 million HTTP (Hypertext Transfer Protocol) requests per second (rps) and the second, posing a new record on Google's infrastructure with 45 million rps.
The highly distributed nature of DDoS attacks indicates that an ideal counter strategy also involves a highly distributed defense. An alternative in this direction is to share attack information in the form of DDoS fingerprints, which describe attack characteristics (e.g. protocols, ports, source IPs, packet payload lengths) based on DDoS network traffic (e.g., PCAPs).
Assuming that each Autonomous System (AS) holds its repository of DDoS fingerprints, this thesis aims at sharing these fingerprints in data mesh repositories, allowing different ASes to perform cross-domain analysis. While a data lake refers to a centralized repository of structured or non-structured data, a data mesh presents a similar concept in a decentralized manner.
General goals:
- Build decentralized repositories of DDoS fingerprints. Use existing fingerprints or create new ones based on existing datasets. Fingerprints can be generated based on existing tools
- Design and develop an algorithm to cluster and rank DDoS fingerprints based on temporal and specific characteristics (e.g., protocol, ports, sources). The algorithm should operate based on well-defined APIs determining an independent service to ensure modularity (at a later stage, the thesis can have a follow-up).
- Evaluate different aspects of the clustering engine based on performance, reliability, and confidence level.
[1] Rodrigues, B., Scheid, E., Killer, C., Franco, M., & Stiller, B. (2020). Blockchain signaling system (bloss): Cooperative signaling of distributed denial-of-service attacks. Journal of Network and Systems Management, 28(4), 953-989.
[2] DDoS Dissector. URL: https://github.com/ddos-clearing-house/ddos_dissector
[3] Beall, M. W., & Shephard, M. S. (1997). A general topology‐based mesh data structure. International Journal for Numerical Methods in Engineering, 40(9), 1573-1596.
Supervisors: Dr. Bruno Rodrigues
back to the main page