MHC-DDoS: A Multi-class Classifier Using Mixed Graph Learning For DoS and DDoS Detection
Abstract
In the last few years, an increasing wave of Distributed Denial of Service (DDoS) attacks causing serious damage has been observed. Recently, promising results have been reported using Graph Neural Networks (GNNs) in the construction of effective DDoS attack detection systems. This paper proposes a novel scheme based on GNNs and Host-Connection Graphs for DDoS attack detection. The proposed MHC-DDoS model uses host-connection graphs with oriented edges to encode the network hosts and the connections between them. Then, a message-passing mechanism with two parallel phases, flow-to-host message-passing (F2H-MP) and host-to-flow message-passing (H2F-MP), is applied to make each flow embedding express itself and other flows of the same attack. Finally, the resulting flow embeddings are fed into a readout function that outputs their labels. The proposed approach was evaluated using three well-known datasets, CIC-DDoS2019, EdgeIIoTset and CIC-IDS2017, and achieved significant classification results.
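The two-phase message passing described in the abstract can be illustrated with a small sketch. This is an added example, not the paper's code. It assumes plain mean aggregation with no learned weights, zero-initialised host states, and hypothetical names (`FLOWS`, `mp_round`, `embed`); the flow records are constructed.

```python
# Constructed flows: (flow_id, src_host, dst_host, [packets_per_s, mean_iat_s])
FLOWS = [
    ("f1", "bot1", "victim", [900.0, 0.1]),
    ("f2", "bot2", "victim", [950.0, 0.1]),
    ("f3", "client", "server", [10.0, 0.9]),
]

def mean(vectors):
    """Element-wise mean of equal-length vectors."""
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def mp_round(edges, flow_emb, host_emb):
    """One round; both phases read the previous state (assumed meaning of 'parallel')."""
    # F2H-MP: a host keeps one state per edge direction ("out" as source,
    # "in" as destination) and averages it with the flows on that side.
    incident = {key: [] for key in host_emb}
    for fid, src, dst in edges:
        incident[(src, "out")].append(flow_emb[fid])
        incident[(dst, "in")].append(flow_emb[fid])
    new_host = {k: mean([host_emb[k]] + incident[k]) for k in host_emb}
    # H2F-MP: a flow averages itself with its source's "out" state
    # and its destination's "in" state.
    new_flow = {
        fid: mean([flow_emb[fid], host_emb[(src, "out")], host_emb[(dst, "in")]])
        for fid, src, dst in edges
    }
    return new_flow, new_host

def embed(flows, rounds=2):
    """Return flow embeddings after `rounds` of message passing."""
    dim = len(flows[0][3])
    edges = [(fid, s, d) for fid, s, d, _ in flows]
    flow_emb = {fid: list(x) for fid, _, _, x in flows}
    host_emb = {}
    for _, s, d in edges:
        host_emb[(s, "out")] = [0.0] * dim
        host_emb[(d, "in")] = [0.0] * dim
    for _ in range(rounds):
        flow_emb, host_emb = mp_round(edges, flow_emb, host_emb)
    return flow_emb

if __name__ == "__main__":
    for fid, vec in embed(FLOWS).items():
        print(fid, [round(v, 2) for v in vec])
```

After two rounds, `f1` carries information from `f2` through the shared destination host, while `f3` is unaffected by either, which is the property a readout function can use to label flows of the same attack together.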