Service and Infrastructure Anomaly Detection (L-ADS and LUCID)
L-ADS (Live Anomaly Detection System) detects anomalies in network traffic, that is, cyber-attacks, maintenance-related events and other deviations from normal behaviour. It works by monitoring the traffic entering FogAtlas and the traffic exchanged between its microservices, and it raises an alert on any abnormal situation. It can be integrated with any type of platform.
ATOS originally developed this asset in several EU cybersecurity research projects and has evolved it within the DECENTER project, where it has been extended to Edge, Fog and Cloud systems.
L-ADS is a high-potential asset for cybersecurity environments and has been presented at several workshops and conferences. More information about this asset can be found in the paper “LADS: A Live Anomaly Detection System based on Machine Learning Methods”.
Link to the paper: https://www.scitepress.org/Papers/2019/79489/pdf/index.html
LUCID (Lightweight, Usable CNN in DDoS Detection) is a lightweight Deep Learning-based DDoS detection framework suitable for online, resource-constrained environments. It leverages Convolutional Neural Networks (CNNs) to learn the behaviour of DDoS and benign traffic flows with both low processing overhead and a short attack detection time. LUCID includes a dataset-agnostic pre-processing mechanism that produces traffic observations consistent with those collected by existing online systems, in which the detection algorithms must cope with segments of traffic flows collected over pre-defined time windows.
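To make the pre-processing idea concrete, the following is an added illustration written for this page; it is not code from the lucid-ddos repository. It groups packets into bidirectional 5-tuple flows, slices them into fixed-length time windows, and turns every (window, flow) pair into a fixed-size matrix of per-packet features, truncating long flows and zero-padding short ones so that a CNN can consume samples of uniform shape. The packet records, the feature columns, the window length and the per-flow packet limit are all assumptions chosen for the example; the real tool extracts its features from pcap files and applies further normalisation.

```python
from collections import defaultdict

# Per-packet feature columns kept for each packet (an assumed subset; the
# real LUCID pre-processing extracts a richer set from the pcap headers).
FEATURES = ("time_in_window", "pkt_len", "protocol", "src_port", "dst_port", "tcp_flags")

SYN, SYN_ACK, ACK, PSH_ACK = 0x02, 0x12, 0x10, 0x18


def _pkt(ts, src, sport, dst, dport, length, flags, proto=6):
    """Minimal packet record; in a real pipeline these come from a pcap parser."""
    return {"ts": ts, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "len": length, "flags": flags}


# Constructed sample traffic (not a captured trace): a benign HTTP handshake,
# a TCP SYN flood from one host, and one late benign packet in the next window.
SAMPLE_PACKETS = [
    _pkt(0.00, "192.168.1.5", 51000, "192.168.1.10", 80, 60, SYN),
    _pkt(0.01, "192.168.1.10", 80, "192.168.1.5", 51000, 60, SYN_ACK),
    _pkt(0.02, "192.168.1.5", 51000, "192.168.1.10", 80, 52, ACK),
    _pkt(0.03, "192.168.1.5", 51000, "192.168.1.10", 80, 300, PSH_ACK),
] + [
    _pkt(1.0 + i * 0.001, "10.0.0.9", 40000, "192.168.1.10", 80, 60, SYN)
    for i in range(15)
] + [
    _pkt(12.0, "192.168.1.5", 51000, "192.168.1.10", 80, 52, ACK),
]


def flow_key(pkt):
    """Bidirectional 5-tuple: both directions of a conversation share one flow."""
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (ends[0], ends[1], pkt["proto"])


def build_samples(packets, window_len=10.0, max_pkts=10):
    """Group packets into (window, flow) buckets and emit one fixed-size
    max_pkts x len(FEATURES) matrix per bucket: long flows are truncated to
    their first max_pkts packets, short flows are zero-padded."""
    if not packets:
        return {}
    packets = sorted(packets, key=lambda p: p["ts"])
    t0 = packets[0]["ts"]
    buckets = defaultdict(list)
    for p in packets:
        w = int((p["ts"] - t0) // window_len)      # index of the time window
        buckets[(w, flow_key(p))].append(p)
    samples = {}
    for (w, key), pkts in buckets.items():
        win_start = t0 + w * window_len
        rows = [[p["ts"] - win_start, p["len"], p["proto"], p["sport"], p["dport"], p["flags"]]
                for p in pkts[:max_pkts]]           # truncate
        rows += [[0.0] * len(FEATURES) for _ in range(max_pkts - len(rows))]  # zero-pad
        samples[(w, key)] = rows
    return samples


def label_samples(samples, attacker_ips):
    """Label 1 (DDoS) when either flow endpoint is a known attacker address,
    else 0 (benign). Labelled datasets identify attack traffic the same way;
    the attacker set here is the constructed host above."""
    return {k: int(k[1][0][0] in attacker_ips or k[1][1][0] in attacker_ips)
            for k in samples}


if __name__ == "__main__":
    samples = build_samples(SAMPLE_PACKETS)
    labels = label_samples(samples, {"10.0.0.9"})
    for (w, key), rows in samples.items():
        real = sum(1 for r in rows if r[1] > 0)     # rows with a non-zero length are real packets
        print(f"window {w} flow {key[0]}<->{key[1]} label={labels[(w, key)]} packets={real}/{len(rows)}")
```

Running it shows the SYN flood flow filling all ten rows of its sample (five flood packets are dropped by truncation), while the four-packet benign handshake is padded with six all-zero rows and the lone ACK at t=12 s lands in a second window on its own. The sample shape stays constant regardless of how busy the flow is, which is what lets the detector run over fixed time windows of live traffic.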
The current LUCID CNN and pre-processing tools are implemented in Python 3.8 with Keras and TensorFlow 2, and the source code is publicly available at https://github.com/doriguzzi/lucid-ddos under the Apache 2.0 license. The code comes with guidelines on how to install the required libraries and how to use LUCID, from the pre-processing of the traffic traces to the training and testing phases.
In addition, the latest version of the code implements an “online inference” mode that performs inference on live network traffic or on pre-recorded traffic traces saved in pcap format.
More details on the architecture of LUCID and its performance in terms of detection accuracy and execution time are available in the following research paper:
R. Doriguzzi-Corin, S. Millar, S. Scott-Hayward, J. Martínez-del-Rincón and D. Siracusa, “Lucid: A Practical, Lightweight Deep Learning Solution for DDoS Attack Detection,” IEEE Transactions on Network and Service Management, vol. 17, no. 2, pp. 876–889, June 2020, doi: 10.1109/TNSM.2020.2971776.