HollywooDDoS: Detecting Volumetric Attacks in Moving Images of Network Traffic

Fast detection of Distributed Denial of Service attacks is key for establishing appropriate countermeasures in order to protect potential targets. HollywooDDoS applies well-known techniques from movie classification to the challenge of DDoS detection. The proposed approach utilizes a traffic aggregation scheme representing traffic volumes between IP subnets as two-dimensional images, while preserving detection relevant traffic characteristics. These images serve as input for a convolutional neural network, learning IP address space distributions of both background and attack traffic intensities. It is shown that a real-world DDoS attack can be precisely detected on the time scale of milliseconds. We evaluate classification of images without temporal information about attack traffic development to outline the impact of image resolution and aggregation time frames. We then show that attack detection further improves by 17% when utilizing a consecutive series of images capturing traffic dynamics.