University of Twente Student Theses

A Scalable Recommendation System for Selective Retention of DDoS Traffic : Entropy-Based Network Traffic Analysis

Bleijerveld, Bas (2024) A Scalable Recommendation System for Selective Retention of DDoS Traffic : Entropy-Based Network Traffic Analysis.

PDF (7MB)
Abstract: This study aims to enhance data retention strategies in the context of DDoS attacks by designing, implementing, and evaluating a novel scalable system. The system is developed to provide near real-time recommendations for retaining only relevant data related to DDoS attacks, thereby reducing storage requirements. Our work is structured into three stages: design, implementation and deployment, and evaluation. The system is designed to utilize IPFIX flow data, which aggregates network traffic into concise records based on unencrypted header fields and metadata, to reduce processing overhead while maintaining an appropriate representation of ongoing network behavior. The system's architecture leverages Apache Kafka and Apache Spark for scalable distributed processing of flow data in near real-time. By employing entropy-based features in a sliding window approach, the system aims to detect anomalies indicative of DDoS attacks. Using a synthetic dataset with self-generated DDoS attacks, the system was evaluated under different cost scenarios related to falsely retained traffic and undetected attacks. The results confirm the feasibility of achieving significant storage reductions while retaining traffic from most DDoS attack types. However, difficulties were encountered in detecting stealthy attacks, as demonstrated by the Slowloris attack. By leveraging the widely supported IPFIX protocol, the system facilitates integration with various existing network infrastructures, making it a viable solution for real-world applications. This research contributes to the field of network traffic data retention by providing a scalable solution to manage the retention of DDoS traffic more efficiently in large high-speed networks.

Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/104416