DDoS Attack Detection via Privacy-aware Federated Learning and Collaborative Mitigation in Multi-domain Cyber Infrastructures

Interconnected cyber infrastructures, accessible via the Internet, are a common target of DDoS attacks intending to downgrade their operations and services. Collaborative protection mechanisms are prime candidates to defend against massive attacks but, although collaborations were instrumental in the Internet success story, this is largely not extended to multi-domain cyber security. Notably, collaborative DDoS detection is hindered by data privacy legislations, while mitigation is limited to operations of stand-alone rigid firewalls. Motivated by these shortcomings, we propose a Federated Learning schema for collaborative privacy-aware DDoS detection. Coordination is orchestrated by a third trusted party that aggregates machine learning models proposed by collaborators based on their private attack and benign traces, without exchanging sensitive data. Attacks detected via the privacy-aware federated model are subsequently mitigated by efficient and scalable firewalls, implemented within the eXpress Data Path (XDP) data plane programmability framework. Our approach was evaluated using production traffic traces in terms of packet classification accuracy and packet processing performance. We conclude that our proposed Federated Learning framework enabled collaborators to accurately classify benign and attack packets, thereby improving individual domain accuracy. Furthermore, our data plane programmable firewalls promptly mitigated large-scale attacks in emulated federated cyber infrastructures.