雲端運算(Cloud computing)和物聯網(Internet of Things, IoT)已成為滿足未來企業需求的兩項關鍵技術。然而，大規模的分散式阻斷服務攻擊（Distributed Denial-of-Service, DDoS）已被廣泛應用於壅塞關鍵連結(Target Links)並使雲端和物聯網服務癱瘓。這主要是因為DDoS是透過發動大規模合法的低流量逐步使目標區域網路癱瘓。藉此有許多管理框架來評估DDoS影響的風險指標。然而，這些風險指標都缺乏時間粒度來評估物聯網或大規模網路結構中不同攻擊規模的成本。本研究提出了一種名為ADE (AI Driven Evaluation)的AI驅動評估框架，它應用卷積神經網路(Convolution Neural Networks)透過端到端功能（輸入：網路狀態；輸出：檢測結果）評估網路狀態，無需任何人工干預。ADE透過使用學習時間作為控制變量，網路結構作為自變量，以及將DDoS識別所需的時間作為因變量來提供量化的安全風險分析。然後應用檢測DDoS事件的偵測時間來評估DDoS的規模，及當前網路拓撲的脆弱性。實驗結果表明，ADE的貢獻是：（1）提供客觀和量化的分析安全風險評估指標;（2）提供自主DDoS防禦框架，無需任何人工干預，允許雲端計算和物聯網公司專注於他們的服務並由ADE提供安全保護，以及（3）證明AI輔助安全風險評估的可能性，使處理安全防禦方案的企業能夠減少安全領域專家，來評估合適的網路防禦策略。

The cloud computing and Internet of Things (IoT) have become two key technologies to meet future business requirements. However, a massive scale of Distributed Denial-of-Service (DDoS) has been widely applied to congest network critical links and to paralyze the cloud and IoT service. This is mainly due to DDoS is easily implemented, obfuscated, and occulted by launching large-scale legitimate low-speed flows and rolling target links to paralyze target network areas. Many metrics and risk access management frameworks to evaluate the impact of DDoS are proposed. However, they all lack time granularity to evaluate the cost of different scales of attacks in IoT or large-scale network structure. This study proposes an AI Driven Evaluation framework, called ADE, that applies Convolution Neural Networks to statistically evaluate the network status through end-to-end functionality (Input: network status; Output: detected result) without any manual intervention. ADE provides quantitative security risk analysis by using learning time as the control variable, network structure as the independent variable, and time to identify DDoS as the dependent variable. The learning time to detect DDoS event is then applied to evaluate the scale of this DDoS, the reasonability of the regulated detection time, and the vulnerability of the current network topology. The experiment results demonstrate the contributions of ADE are (1) providing objective and quantitative analytical security risk assessment indicator, (2) providing an autonomic DDoS defense framework without any manual intervention which allows cloud computing and Internet of Things company focuses on their service and leaves security defending to ADE, and (3) demonstrating the possibility of AI assisted risk assessment which enables security defense solution buyer with less security domain experts to evaluate suitable network defense strategy.

[1]R. Millman, OVH suffers 1.1Tbps DDoS attack, 2016. Retrieved from https://www.scmagazineuk.com/ovh-suffers-11tbps-ddos-attack/article/1476220
[2]L. H. Newman, Github survived the biggest DDoS Attack Ever Recorded, 2018. Retrieved from https://www.wired.com/story/github-ddos-memcached/
[3]Y. Juba, H.-H. Huang, and K. Kawagoe, Dynamic Isolation of Network Devices Using OpenFlow for Keeping LAN Secure from Intra-LAN Attack, in proceeding of 17th International Conference in Knowledge Based and Intelligent Information and Engineering Systems – KES, 2013, pp. 810-819.
[4]X. Liu, H. Xue, X. Feng, and Y. Dai, Design of the multi-level security network switch system which restricts covert channel, in proceeding of IEEE 3rd International Conference on Communication Software and Networks (ICCSN), 2011
[5]Y. Chu, M. Tseng, Y. Chen, Y. Chou, and Y. Chen, A novel design for future on-demand service and security, in Proceeding of 12th IEEE International Conference on Communication Technology (ICCT), 2010.
[6]J. H. Jafarian, E. Al-Shaer, and Q. Duan, OpenFlow Random Host Mutation: Transparent Moving Target Defense using Software Defined Networking, in Proceeding of HotSDN 12, August 13, 2012, Helsinki, Finland, 2012, pp. 127-132.
[7]K. Sakuma, H. Asahina, S. Haruta, I. Sasase, Traceroute-based target link flooding attack detection scheme by analyzing hop count to the destination, in Proceeding of Asia-Pacific Conference on Communications (APCC), 2017, pp. 1-6.
[8]C. Liaskos and S. Ioannidis, Network Topology Effects on the Detectability of Crossfire Attacks, IEEE Transactions on Information Forensics and Security, vol. 13, no. 17, 2018, pp. 1682-1695.
[9]J. Zheng, Q. Li, G. Gu, J. Cao, D. K. Y. Yau, and J. Wu, Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation Analysis, IEEE Transactions on Information Forensics and Security, vol. 13, no. 7, pp. 1838-1853.
[10]T. Varshney, K. Verma, Rectifying flow of duplicity using Bloom-filter, in proceeding of International Conference on Computer, Communications and Electronics, 2017, pp.300-304.
[11]T. Alves, R. Das, T. Morris, Embedding Encryption and Machine Learning Intrusion Prevention Systems on Programmable Logic Controllers, IEEE Embedded Systems Letters, 2018, pp. 1-1.
[12]A. A. Nayak, N. K. Sridhar, G. R. Poornima, Shivashankar, Ways for protection against various attacks in the Internet, in proceeding of IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology, 2017, pp.24-28.
[13]Forum of Incident Response and Security Teams (FIRST), Common Vulnerability Scoring System, 2019. Retrieved from https://www.first.org/cvss/
[14]International Information System Security Certification Consortium, (ISC)2. Retrieved from https:// https://www.isc2.org/
[15]D. J. Klinedinst, CVSS and the Internet of Things, 2015. Retrieved from https://insights.sei.cmu.edu/cert/2015/09/cvss-and-the-internet-of-things.html
[16]A. Gordon, Official (ISC)2 guide to the CISSP CBK 4th Edition, Auerbach Publications, 2015. ISBN: 97814822627
[17]S. Rasal, V. Rasal, and S. Shelar, Enhancing Security Levels at ISP Server Using Multiple Security Techniques with Proposed Crypo Application, International Journal of Engineering and Technology Innovation, vol. 9, no. 1, 2019, pp. 49-60. Retrieved from http://ojs.imeti.org/index.php/IJETI/article/view/669
[18]A. Jain, and R. Kumar, Scalable Load Balancing Approach for Cloud Environment, International Journal of Engineering and Technology Innovation, vol. 7, no. 4, 2017, pp. 292-307. Retrieved from http://ojs.imeti.org/index.php/IJETI/article/view/483