Affiliations: [a] Department of Information Management, National Taipei University of Nursing and Health Sciences, Taipei, Taiwan
| [b] Bachelor Program in Interdisciplinary Studies, National Yunlin University of Science and Technology, Yunlin, Taiwan
| [c] Department of Information Management, National Taiwan University of Science and Technology, Taipei, Taiwan
Correspondence:
[*]
Corresponding author. Yen-Hung Chen, Department of Information Management, National Taipei University of Nursing and Health Sciences, No. 365, Ming-te Road, Peitou District, Taipei City, 112, Taiwan. E-mail: pplong@gmail.com.
Abstract: The cloud computing and Internet of Things (IoT) have become two key technologies to meet future business requirements. However, a massive scale of Distributed Denial-of-Service (DDoS) has been widely applied to congest network critical links and to paralyze the cloud and IoT service. This is mainly due to DDoS is easily implemented, obfuscated, and occulted by launching large-scale legitimate low-speed flows and rolling target links to paralyze target network areas. Many metrics and risk access management frameworks to evaluate the impact of DDoS are proposed. However, they all lack time granularity to evaluate the cost of different scales of attacks in IoT or large-scale network structure. This study proposes an AI Driven Evaluation framework, called ADE, that applies Convolution Neural Networks to statistically evaluate the network status through end-to-end functionality (Input: network status; Output: DDoS detected or not) without any manual intervention. ADE provides quantitative security risk analysis by using learning time as the control variable, network structure as the independent variable, and time to identify DDoS as the dependent variable. The learning time to detect DDoS event and recover the system is then applied to evaluate the scale of this DDoS, the reasonability of the regulated RTO, and the vulnerability of the current net-work topology and the improvement due to the new security solution. The experiment results demonstrate the contributions of ADE are (1) providing objective and quantitative analytical security risk assessment indicator, (2) providing an autonomic DDoS defense framework without any manual intervention which allows cloud computing and Internet of Things company focuses on their service and leaves security defending to ADE, and (3) demonstrating the possibility of AI assisted risk assessment which enables security defense solution buyer with less security domain experts to evaluate suitable network defense strategy.
