Multi-Domain Malicious Behavior Knowledge Base Framework for Multi-Type DDoS Behavior Detection

Liu Ouyang, Kun Li, Zi‐Wei Yin, Deyun Gao, Huachun Zhou

Intelligent Automation and Soft Computing (2023)

Abstract
Because there are many types of distributed denial-of-service (DDoS) attacks and they generate large amounts of data, managing and applying the malicious behavior knowledge produced by DDoS attacks is a challenge. We propose a malicious behavior knowledge base framework for DDoS attacks, which completes the construction and application of a multi-domain malicious behavior knowledge base. First, we collected malicious behavior traffic generated by five mainstream DDoS attacks. At the same time, we completed the knowledge collection mechanism through data pre-processing and dataset design. Then, we designed a malicious behavior category graph and a malicious behavior structure graph for the characteristic information and spatial structure of DDoS attacks, and completed the knowledge learning mechanism using a graph neural network model. To protect the data privacy of multiple multi-domain malicious behavior knowledge bases, we implement the knowledge-sharing mechanism based on federated learning. Finally, we store the constructed knowledge graphs, the graph neural network model, and the federated model in the malicious behavior knowledge base to complete the knowledge management mechanism. The experimental results show that our proposed system architecture can effectively construct and apply the malicious behavior knowledge base, and that the detection capability for multiple DDoS attacks occurring in the network reaches above 0.95, while retaining a certain anti-interference capability in data poisoning cases.
Keywords
behavior, multi-domain, multi-type