An intelligent, distributed and collaborative DDoS defense system

The Distributed Denial-of-Service (DDoS) attack is known as one of the most destructive attacks on the Internet. With the advent of new computing paradigms, such as Cloud and Mobile computing, and the emergence of pervasive technology, such as the Internet of Things, on one hand, these revolutionized technologies enable the availability of services and applications to everyone. On the other hand, these techniques also benefit attackers to exploit the vulnerabilities and deploy attacks in more efficient ways. Latest network security reports have shown that distributed Denial of Service (DDoS) attacks have been growing dramatically in volume, frequency, sophistication and impact, making it one of the most challenging threats in the Internet. An unfortunate state of affairs is that the remediation strategies have fallen behind attackers. The severe impact caused by recent DDoS attacks strongly indicates the need for an effective DDoS defense system. We study the current existing solution space, and summarize three fundamental requirements for an effective DDoS defense system: 1) an accurate detection with minimal false alarms; 2) an effective inline inspection and instant mitigation, and 3) a dynamic, distributed and collaborative defense infrastructure. This thesis aims at providing such a defense system that fulfills all the requirements. In this thesis, we explore and address the problem from three directions: 1) we strive to understand the existing detection strategies and provide a survey of an empirical analysis of machine learning based detection techniques; 2) we develop a novel hybrid detection model which ensembles a deep learning model for a practical flow by flow detection and a classic machine learning model that is aware of the network status, and 3) we present the design and implementation of an intelligent, distributed and collaborative DDoS defense system that effectively mitigate the impact of DDoS attacks. The performance evaluation results show that our proposed defense system is capable of effectively mitigating DDoS attacks impacts and maintaining a limited disturbing for legitimate services