Crystal ball DDoS detectionStarted in July 2020
This project aims to investigate whether new DDoS attacks can be predicted before they have an actual impact. This is similar to dealing with tsunami alerts. The idea is to achieve this by analysing public and private data using AI techniques.
In the Explore phase, the project team has looked at challenging and innovative methods to pick up early signals of application-based DDoS attacks on the basis of probe detection. This seems promising, has been proven to be innovative based on literature study and external contacts, but it is not yet certain that this will yield a good result. That makes this project even more attractive to continue within the PCSI. It is crucial in this project that sufficient test data is available, both from public sources and from the PCSI partners.
In the Proof of Concept phase an algorithm for probe detection will be developed and tested on DDoS datasets.
This project is part of the trend
Transition to predictive technologies
In the past, security defences were built around preventive measures. This was complemented with monitoring & reponse, to be able to detect attacks that circumvented preventive measures. But the gap between attackers' odds and defenders' strategy is still growing. That is why we also have to make use of predictive technologies to be able to better prepare for the next attacks. This becomes increasingly important in the face of more sophisticated attacks.