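Denial-of-service attack
Computer science
Application-layer DDoS attack
Network packet
Leverage (statistics)
Trinoo
Computer network
Computer security
Data mining
Artificial intelligence
Internet
World Wide Web
Authors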
Yuzhen Li,Renjie Li,Zhou Zhou,Guoshun Jiang,Wei Yang,Meijie Du,Qingyun Liu
Identifier
DOI:10.1109/cscwd54268.2022.9776097
Abstract
Distributed Denial of Service (DDoS) attacks have occurred frequently in recent years, causing massive damage. It is critical to detect DDoS attacks fast and accurately. Previous Deep Learning (DL) methods for detecting DDoS attacks barely leverage the relationships between packets and between flows in traffic, which are crucial information that can significantly improve detection performance. This paper proposes GraphDDoS, a GNN-based approach for detecting DDoS attacks using endpoint traffic graphs. Concretely, we convert traffic into endpoint traffic graphs, containing information of packets’ relationships (structure of a single flow) and flows’ relationships (burst information and periodic information of multiple flows). Then, converted endpoint traffic graphs are sent to the GNN classifier to learn DDoS attack patterns accurately. The experiments with well-known datasets show that GraphDDoS outperforms the state-of-the-art DL-based approaches. The effectiveness is mainly introduced by the capability of GraphDDoS to learn patterns of attacks structured as graphs.