Title | Measurement Based Evaluation and Mitigation of Flood Attacks on a LAN Test-Bed |
Publication Type | Conference Paper |
Year of Publication | In Press |
Authors | Nasereddin M, Nakip M, Gelenbe E |
Conference Name | The 48th IEEE Conference on Local Computer Networks |
Publisher | IEEE |
Conference Location | Daytona Beach, Florida, USA |
Keywords | Cybersecurity, Internet of Things, Intrusion Detection and Mitigation, Local Area Networks, UDP Flood Attacks |
Abstract | The IoT's vulnerability to network attacks has motivated the design of intrusion detection schemes (IDS) using Machine Learning (ML), with a low computational cost for online detection but intensive offline learning. Such IDS can have high attack detection accuracy and are easily installed on servers that communicate with IoT devices. However, they are seldom evaluated in realistic operational conditions where IDS processing may be held up by the system overload created by attacks. Thus we first present an experimental study of UDP Flood Attacks on a Local Area Network Test-Bed, where the first line of defence is an accurate IDS using an Auto-Associative Dense Random Neural Network. The experiments reveal that during severe attacks, the packet and protocol management software overloads the multi-core server, and paralyses IDS detection. We therefore propose and experimentally evaluate an IDS design where decisions are made from a very small number of incoming packets, so that attacking traffic is dropped within milliseconds after an attack begins and the paralysing effect of congestion is avoided. |
DOI | 10.48550/arXiv.2305.10565 |