Feature dynamic deep learning approach for DDoS mitigation within the ISP domain

The emergence of the Mirai malware facilitated a DDoS attack vector to surge to almost 1 Tbps in 2016, instigated by less than 150,000 infected IoT devices. With the infection of five new IoT devices per minute, the size of Mirai botnet was enlarged to 2.5 millions devices by the end of 2016. The continuous adaptation of the Mirai malware enables the modern variant to dynamically update its malware scripts on the fly to launch even more advanced and malevolent DDoS attacks, which dramatically escalates the level of difficulty with mitigating DDoS attacks. Many researchers endeavour to develop mitigation systems to keep up with the increasing security threats. Nonetheless, most presented models provide inefficient solutions either by utilising auxiliary servers at the host site, on the cloud or at dedicated data scrubbing centres. Since internet service providers (ISPs) connect the internet with users, the mitigation system should be deployed within the ISP domain to deliver a more efficient solution. Accordingly, we propose a stacked self-organising map, which is a feature dynamic deep learning approach that utilises netflow data collected by the ISP to combat the dynamic nature of novel DDoS attacks.