Existing distributed denial-of-service (DDoS) attack solutions cannot handle highly aggregated data rates; thus, they are unsuitable for Internet service provider (ISP) core networks. This article proposes a digital twin-enabled intelligent DDoS detection mechanism using an online learning method for autonomous systems. Our contributions are three-fold. We first design a DDoS detection architecture based on the digital twin for ISP core networks. We implement a Yet Another Next Generation (YANG) model and an automated feature selection (AutoFS) module to handle core network data. We use an online learning approach to update the model instantly and efficiently, improve the learning model quickly, and ensure accurate predictions. Finally, we show that our proposed solution successfully detects DDoS attacks and updates the feature selection method and learning model with a true classification rate of ninety-seven percent. Our proposed solution can estimate the attack within approximately fifteen minutes after the DDoS attack starts.