Research Proposes Framework for Optimizing DDoS Detection in 5G Networks
A new study examines how to detect Distributed Denial-of-Service attacks in cloud-native 5G networks. It presents a lightweight decision framework that determines, before a model is trained, whether temporal or structural features are the better basis for spotting anomalies. The framework relies on two diagnostics: the lag-1 autocorrelation of an aggregated flow signal and the cumulative explained variance from PCA. When the diagnostics are inconclusive, a hybrid approach is reserved as a future fallback. The research tested various algorithms, including Isolation Forest and KMeans, on two distinct datasets. Findings indicate that structural features often outperform temporal ones, especially when temporal dependencies are weaker. This work addresses a gap in research that typically assumes a fixed traffic model without assessing the best feature space. The paper appears on arXiv under Computer Science > Machine Learning.
Key facts
- The study focuses on unsupervised anomaly detection for DDoS attacks in cloud-native 5G networks.
- A lightweight decision framework prioritizes temporal or structural features before model training.
- Two diagnostics are used: lag-1 autocorrelation of an aggregated flow signal and PCA cumulative explained variance.
- A hybrid option is reserved as a future fallback when diagnostics are inconclusive.
- Experiments used Isolation Forest, One-Class SVM, and KMeans algorithms on two distinct datasets.
- Structural features consistently matched or outperformed temporal features in detection performance.
- The performance gap widens as temporal dependence weakens.
- The research is published on arXiv under Computer Science > Machine Learning.
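The two pre-training diagnostics described above, as an added example that is not the study's code. The cut-offs (`ACF_HIGH`, `CEV_HIGH`, `TOP_K`), the rule that maps them to a choice, the function names and the synthetic traffic are assumptions made for illustration.

```python
import numpy as np

# Assumed cut-offs: the summary gives no numeric thresholds for either diagnostic.
ACF_HIGH, CEV_HIGH, TOP_K = 0.5, 0.9, 2

def lag1_autocorr(signal):
    """Lag-1 autocorrelation of the aggregated flow signal (e.g. flows per window)."""
    x = np.asarray(signal, dtype=float)
    x = x - x.mean()
    denom = float(np.dot(x, x))
    return 0.0 if denom == 0 else float(np.dot(x[:-1], x[1:])) / denom

def pca_cumulative_variance(features, k=TOP_K):
    """Share of total variance held by the first k principal components."""
    X = np.asarray(features, dtype=float)
    X = X - X.mean(axis=0)
    std = X.std(axis=0)
    X = X / np.where(std == 0, 1.0, std)      # standardise; constant columns stay 0
    var = np.linalg.svd(X, compute_uv=False) ** 2
    return 0.0 if var.sum() == 0 else float(var[:k].sum() / var.sum())

def choose_feature_space(signal, features):
    """Pick the feature family before any detector is trained (assumed rule)."""
    acf, cev = lag1_autocorr(signal), pca_cumulative_variance(features)
    temporal, structural = acf >= ACF_HIGH, cev >= CEV_HIGH
    if temporal != structural:                # exactly one diagnostic is decisive
        return ("temporal" if temporal else "structural"), acf, cev
    return "hybrid", acf, cev                 # both or neither: inconclusive

def constructed_sample(kind, n=500, seed=7):
    """Synthetic traffic, constructed for this example (not from the study's datasets)."""
    rng = np.random.default_rng(seed)
    if kind == "bursty":                      # AR(1) flow counts, unstructured features
        signal = np.zeros(n)
        for t in range(1, n):
            signal[t] = 0.9 * signal[t - 1] + rng.normal()
        return signal + 200, rng.normal(size=(n, 6))
    # "flat": uncorrelated flow counts, six features driven by two latent factors
    W = np.array([[1.0, 0.8, -0.6, 0.5, 0.9, -0.7], [0.3, -0.9, 0.7, 1.0, -0.4, 0.6]])
    return rng.normal(200, 10, n), rng.normal(size=(n, 2)) @ W + 0.05 * rng.normal(size=(n, 6))

if __name__ == "__main__":
    for kind in ("bursty", "flat"):
        choice, acf, cev = choose_feature_space(*constructed_sample(kind))
        print(f"{kind}: lag-1 ACF={acf:.2f}, PCA CEV(top {TOP_K})={cev:.2f} -> {choice}")
```

The chosen family would then feed an unsupervised detector such as Isolation Forest, One-Class SVM or KMeans; the cut-offs should be tuned on baseline traffic from the monitored network.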
Entities
Institutions
- arXiv