Netinfo Security, 2024, Vol. 24, Issue (4): 509-519. doi: 10.3969/j.issn.1671-1122.2024.04.002

Application Layer DDoS Detection Method Based on Spatio-Temporal Graph Neural Network

WANG Jian, CHEN Lin, WANG Kailun, LIU Jiqiang

  1. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2024-02-25 Online: 2024-04-10 Published: 2024-05-16

Abstract:

Distributed denial of service (DDoS) attacks have become one of the principal threats to cybersecurity, and application layer DDoS attacks are a primary form of attack. Application layer DDoS attacks target specific application services and appear normal at the network layer, which renders traditional security devices ineffective against them. Moreover, existing detection methods for application layer DDoS attacks are insufficient in detection capability and struggle to adapt to changing attack patterns. In response, this paper proposes a detection method for application layer DDoS attacks based on a spatio-temporal graph neural network (STGNN). The method exploits the characteristics of application layer services, starting from application layer data and protocol interaction information. It introduces an attention mechanism and combines multiple GraphSAGE layers to learn the patterns of entity interactions across different time windows. It then calculates the deviation between the traffic under detection and normal traffic to detect attacks. The method effectively identifies application layer DDoS attacks using only five dimensions of data: time, source IP, destination IP, communication frequency, and average packet size. According to the experimental results, the method achieves higher Recall and F1 scores than benchmark methods, even with a smaller number of attack samples.

Key words: DDoS attacks, spatio-temporal graph neural network, anomaly detection, attention mechanism
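
The data flow the abstract describes (interaction graphs per time window built from time, source IP, destination IP, communication frequency and average packet size, then a deviation from normal traffic) is shown below as an added example; it is not the paper's code. A plain z-score stands in for the STGNN with attention and GraphSAGE layers, and the window length, the `floor` parameter, all function names and the sample records are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def window_graphs(records, window=10):
    """Turn (time, src_ip, dst_ip, packet_size) records into one graph per
    time window: {window: {(src, dst): (frequency, avg_packet_size)}}."""
    acc = defaultdict(lambda: defaultdict(list))
    for t, src, dst, size in records:
        acc[int(t // window)][(src, dst)].append(size)
    return {w: {edge: (len(s), mean(s)) for edge, s in edges.items()}
            for w, edges in sorted(acc.items())}

def dst_features(graph):
    """Per destination node: (distinct sources, total frequency,
    mean of the per-edge average packet sizes)."""
    per_dst = defaultdict(list)
    for (_, dst), (freq, avg) in graph.items():
        per_dst[dst].append((freq, avg))
    return {d: (len(e), sum(f for f, _ in e), mean(a for _, a in e))
            for d, e in per_dst.items()}

def deviation(normal_graphs, graph, floor=1.0):
    """Largest per-feature z-score of each destination in `graph` against
    the normal windows. `floor` (assumed) keeps a zero spread from
    dividing by zero. Stand-in for the learned model, not the paper's."""
    history = defaultdict(list)
    for g in normal_graphs:
        for d, feats in dst_features(g).items():
            history[d].append(feats)
    scores = {}
    for d, feats in dst_features(graph).items():
        if d not in history:            # node never seen in normal traffic
            scores[d] = float("inf")
            continue
        cols = zip(*history[d])
        scores[d] = max(abs(x - mean(c)) / max(pstdev(c), floor)
                        for x, c in zip(feats, cols))
    return scores

def sample_records():
    """Constructed sample: three normal windows, then a flood window."""
    recs = []
    for w in range(3):                  # 3 clients, 2-3 requests each
        for c in range(3):
            for k in range(2 + (w + c) % 2):
                recs.append((w * 10 + k, f"192.0.2.{c + 1}", "10.0.0.5", 480 + 20 * k))
    for c in range(30):                 # 30 sources, 5 small requests each
        for k in range(5):
            recs.append((30 + k, f"198.51.100.{c + 1}", "10.0.0.5", 120))
    return recs
```

Scoring each window only against windows known to be normal keeps a flood from contaminating its own baseline.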
