Because current detection solutions for distributed denial-of-service (DDoS) attacks need additional infrastructure to handle high aggregate data rates, they are not suitable for sensor networks or the Internet of Things. Besides, the security architecture of software-defined sensor networks needs to pay attention to the vulnerabilities of both software-defined networks and sensor networks. In this paper, we propose a network-aware automated machine learning (AutoML) framework that detects DDoS attacks in software-defined sensor networks. Our framework selects an ideal machine learning algorithm to detect DDoS attacks in network-constrained environments, using metrics such as variable traffic load, heterogeneous traffic rate, and detection time, while preventing over-fitting. Our contributions are two-fold: (i) we first investigate the trade-off between the efficiency of ML algorithms and the network/traffic state in the scope of DDoS detection; (ii) we design and implement a software architecture containing open-source network tools, with the deployment of multiple ML algorithms. Lastly, we show that under denial-of-service attacks, our framework ensures that traffic packets are still delivered within the network, with additional delays.