Because current detection solutions for distributed denial of service (DDoS) attacks need additional infrastructure to handle high aggregate data rates, they are not suitable for sensor networks or the Internet of Things. Moreover, the security architecture of software-defined sensor networks must account for the vulnerabilities of both software-defined networks and sensor networks. In this paper, we propose a network-aware automated machine learning (AutoML) framework that detects DDoS attacks in software-defined sensor networks. Our framework selects an ideal machine learning algorithm to detect DDoS attacks in network-constrained environments, using metrics such as variable traffic load, heterogeneous traffic rate, and detection time, while preventing over-fitting. Our contributions are two-fold: (i) we first investigate the trade-off between the efficiency of ML algorithms and the network/traffic state in the scope of DDoS detection; (ii) we design and implement a software architecture containing open-source network tools, with the deployment of multiple ML algorithms. Lastly, we show that under denial of service attacks, our framework ensures that traffic packets are still delivered within the network, with additional delays.