Digital Twin-Enabled Intelligent DDoS Detection Mechanism for Autonomous Core Networks
This addresses the need for efficient DDoS detection in autonomous core networks, offering a domain-specific incremental improvement over prior methods.
The paper tackles the problem of detecting DDoS attacks in ISP core networks, where existing solutions fail with high data rates, by proposing a digital twin-enabled mechanism with online learning, achieving a 97% true classification rate and detection within about 15 minutes of attack start.
Existing distributed denial of service attack (DDoS) solutions cannot handle highly aggregated data rates; thus, they are unsuitable for Internet service provider (ISP) core networks. This article proposes a digital twin-enabled intelligent DDoS detection mechanism using an online learning method for autonomous systems. Our contributions are three-fold: we first design a DDoS detection architecture based on the digital twin for ISP core networks. We implemented a Yet Another Next Generation (YANG) model and an automated feature selection (AutoFS) module to handle core network data. We used an online learning approach to update the model instantly and efficiently, improve the learning model quickly, and ensure accurate predictions. Finally, we reveal that our proposed solution successfully detects DDoS attacks and updates the feature selection method and learning model with a true classification rate of ninety-seven percent. Our proposed solution can estimate the attack within approximately fifteen minutes after the DDoS attack starts.