Authors: Qingyang Li, Yihang Zhang, Zhidong Jia, Yannan Hu, Lei Zhang, Jianrong Zhang, Yongming Xu, Yong Cui, Zongming Guo, Xinggong Zhang
Published on: May 13, 2024
Impact Score: 7.4
arXiv code: arXiv:2405.07638
Summary
- What is new: Utilizing large language models (LLMs) to interpret and analyze non-language network data for detecting new DDoS attacks like Carpet Bombing.
- Why this is important: Traditional DDoS defenses struggle against Carpet Bombing attacks because these attacks are low-rate and multi-vector.
- What the research proposes: DoLLM, a model that reorganizes network flows into Flow-Sequences and uses LLMs to understand and detect DDoS activities.
- Results: Significant improvements in DDoS detection; F1 score increased by up to 33.3% in zero-shot scenarios and by at least 20.6% in real ISP traces.
Technical Details
Technological frameworks used: Open-source LLMs
Models used: DoLLM
Data used: CIC-DDoS2019, NetFlow traces from a top-3 countrywide ISP
Potential Impact
Cybersecurity vendors, ISPs, cloud service providers