Title: Early detection of Crossfire attacks using deep learning

Abstract: The Crossfire attack is a recently proposed threat designed to disconnect whole geographical areas, such as cities or states, from the Internet. Orchestrated in multiple phases, the attack uses a massively distributed botnet to generate low-rate benign traffic aiming to congest selected network links, the so-called target links. The use of benign traffic, combined with the simultaneous targeting of multiple network links, makes detection of the Crossfire attack a serious challenge. In this paper, we propose a framework for early detection of the Crossfire attack, i.e., detection during the warm-up period of the attack. We propose to monitor traffic at the potential decoy servers and discuss the advantages compared with other monitoring approaches. Since the low-rate attack traffic is very difficult to distinguish from the background traffic, we investigate several deep learning methods to mine the spatiotemporal features for attack detection. Specifically, we investigate Autoencoder, Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) network models for detecting the Crossfire attack during its warm-up period. We report encouraging experimental results.
Comments: 5 pages, 5 figures. Presented at Deep Learning Security Workshop 2017, Singapore. Added references for section 2 and section 4. Added new author
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:1801.00235 [cs.CR]
  (or arXiv:1801.00235v3 [cs.CR] for this version)

Submission history

From: Mengxuan Tan
[v1] Sun, 31 Dec 2017 04:29:21 GMT (589kb,D)
[v2] Thu, 4 Jan 2018 08:51:19 GMT (590kb,D)
[v3] Fri, 20 Apr 2018 03:30:25 GMT (590kb,D)