DDoS Attack Detection via Privacy-aware Federated Machine-Learning and Collaborative Mitigation in Multi-domain Cyber Infrastructures

Lecture / Panel
For NYU Community



Vasilis Maglaris

Professor Emeritus

National Technical University of Athens


DDoS Attack Detection via Privacy-aware Federated Machine-Learning and Collaborative Mitigation in Multi-domain Cyber Infrastructures


Interconnected cyber infrastructure, accessible via the Internet, are a common target of DDoS attacks intending to downgrade their operations and services. Collaborative protection mechanisms are prime candidates to defend against massive attacks but, although collaborations were instrumental in the Internet success story, this is largely not extended to multidomain cyber security. Notably, collaborative DDoS detection is hindered by data privacy legislations, while mitigation is limited to operations of stand-alone rigid firewalls. Motivated by these shortcomings, we propose a Federated Learning schema for collaborative privacy-aware DDoS detection. Coordination is orchestrated by a third trusted party that aggregates machine learning models proposed by collaborators based on their private attack and benign traces, without exchanging sensitive data. Attacks detected via the privacy-aware federated model are subsequently mitigated by efficient and scalable firewalls, implemented within the eXpress Data Path (XDP) data plane programmability framework. Our approach was evaluated using production traffic traces in terms of packet classification accuracy and packet processing performance. We conclude that our proposed Federated Learning framework enabled collaborators to accurately classify benign and attack packets, thereby improving individual domain accuracy. Furthermore, our data plane programmable firewalls promptly  mitigated large-scale attacks in emulated federated cyber infrastructures.

Index Terms—Federated Machine Learning, Federated Clouds, Multi-domain DDoS Protection, Programmable Data Planes, eXpress Data Path (XDP) 


Professor Vasilis Maglaris holds an Engineering Degree from the National Technical University of Athens – NTUA (Athens, Greece, 1974), an M.Sc. from Polytechnic University (Brooklyn NY, 1975) and a Ph.D. degree from Columbia University (New York, USA, 1979). Between 1979 and 1989 he held industrial and academic positions in the USA, all in advanced electronic communications. From 1981 to 1990 he was with the faculty of EE/CS of Polytechnic University - now NYU Tandon/Poly - Brooklyn NY.  From 1990 to 2019 he was with the faculty of the School of Electrical & Computer Engineering at NTUA teaching and performing research on Internet technologies, directing the Network Management & Optimal Design (NETMODE) Laboratory that he established. He was responsible for the development of the NTUA Campus LAN and of GRNET, the National Research & Education Network (NREN) of Greece. From 2004 to 2012 he was the GÉANT Policy Committee Chairman, the governance body of the advanced Internet serving the 37 NRENs of the extended European Research Area. From July 2012 to June 2013 he served as General Secretary for Research & Technology appointed by the Greek coalition Government, on hold from his duties at NTUA. In 2020 the NTUA Senate conferred upon him the title of Professor Emeritus, enabling him to continue his teaching and research activities beyond his retirement in 2019. His current research interest focus on attack protection of cyber-infrastructures via machine learning algorithms, possibly leveraging on data-plane technologies.