F-OSFA: A Fog Level Generalizable Solution for Zero-Day DDOS Attacks Detection
Tahir Ahmad (Writing – Original Draft Preparation); Attaullah Buriro (Validation)
2025-01-01
Abstract
The globalization and digitization of society have caused a surge in network traffic, making reliable online services essential for user trust and system functionality. However, these services face ever-increasing threats, particularly complex and well-developed Distributed Denial of Service (DDoS) attacks. Zero-day DDoS attacks, a type of DDoS attack, are especially challenging because their new and unseen nature and lack of training data render traditional Intrusion Detection and Prevention Systems (IDPS) ineffective. To tackle this, we propose the Fog-based One Solution For All (F-OSFA) system - a model with three specialized components. The first component uses a hybrid machine learning and deep learning framework that combines convolutional neural networks (CNNs) and decision trees to detect traditional DDoS attacks. The second component employs a few-shot learning module with a contractive autoencoder for zero-day attack detection. The third component is a signature-based resource usage analyzer to counter attacks mimicking normal traffic. We demonstrate the efficacy of F-OSFA on publicly available datasets and prove the scheme is generalizable and effective. F-OSFA achieves an accuracy of 99.72% on CICDDoS2019 and 99.96% on CICIDS2017. In addition, it demonstrates its efficacy in the zero-day scenario by achieving 96.77% on CICDDoS2019 and 95.98% on CICIDS2017. These evaluations testify to F-OSFA as a reliable and versatile solution against ever-evolving DDoS threats.

File | Size | Format |
---|---|---|
F-OSFA_A_Fog_Level_Generalizable_Solution_for_Zero-Day_DDOS_Attacks_Detection.pdf (open access; license: Creative Commons) | 3.67 MB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.