Shuhan Chen,Congqi Shen,Danrui Yu,Yuqin Wu,Chunming Wu

DOI: https://doi.org/10.1109/isncc52172.2021.9615889

2021-01-01

Abstract:Botnets provide a fundamental infrastructure for various kinds of network attacks, such as DDoS attack, etc. Detecting DDoS attack in botnet is a long-standing challenge. In this paper, we propose a novel method to detect DDoS attack in botnet through the analysis of packet forwarding and network traffic. The primary idea is to collect features from both overall network traffic and packet to describe the attack pattern and conduct a detection model with high accuracy. Firstly, apart from overall network traffic, we calculate several statistics related to looking up functions of flow tables during packet forwarding on switches to describe attack pattern. Secondly, these features are put into a deep learning model to detect DDoS attack. We perform evaluations under Software Defined Networking (SDN) paradigm. In particular, we compare the proposed method with traditional methods. The experimental results demonstrate that the proposed method is meaningful in improving the accuracy of DDoS attack detection by adding packet-level features extracted from packet forwarding.

Jie Ma,Wei Su,Yikun Li,Yihua Peng

DOI: https://doi.org/10.1016/j.future.2023.12.033

IF: 7.307

2024-01-05

Future Generation Computer Systems

Abstract:The availability of SD-IoT is now under complex and serious cyber threats, especially distributed denial-of-service attacks. However, traditional defense schemes suffer from coarse-grained centralized sampling approaches, low accuracy of detection models, and inefficient mitigation methods. In this paper, a novel DDoS defense scheme is proposed, which consists of a high-accuracy detection mechanism based on a Graph Convolutional Neural Network learning model and a mitigation mechanism based on fast traffic migration. In the detection stage, a fine-grained INT sampling approach is utilized to obtain multidimensional network topology and status information. The Graph Convolutional Neural Network learning model detects switches containing DDoS attack traffic with high accuracy because the detection model not only extracts and utilizes multiple temporal and spatial features of the collected information, but also has a better learning and representation capability. In the mitigation stage, the enhanced whitelist with dynamic threshold-based values is automatically adapted to the real-time state of the network environment for enhanced mitigation flexibility. The fast programmable segment rerouting strategy can block attack traffic in time and ensure the continuity of network services. The results of several comparison experiments show that the proposed scheme can detect DDoS attacks more accurately and mitigate them more effectively than traditional schemes.

computer science, theory & methods

Jie Ma,Wei Su

DOI: https://doi.org/10.1016/j.inffus.2024.102820

IF: 18.6

2024-01-01

Information Fusion

Abstract:The massive number of edge-connected IoT devices currently in SD-AIoT can be weaponized to launch Distributed Denial of Service attacks. Nevertheless, centralized DDoS defense schemes that excessively rely on up-to-date labeled training data are significantly inefficient due to the scarcity of such datasets. The privacy of these datasets and the widespread emergence of adversarial attacks make it difficult for autonomous system collaborators to share such sensitive data. To this end, we propose a novel decentralized defense scheme based on a trusted Federated Learning framework for AIoT scenarios. In particular, it consists of: (1) an outlier-aware Semi-supervised attack detection model for anomaly detection based on a Federated Learning framework that supports the robust identification of attack classes with a limited number of labeled outliers to reduce the false alarm rate; (2) a novel Secure Multiparty Computation method for trusted aggregation of local model updates to enhance the transmission privacy of collaborators’ parameters; (3) a mitigation mechanism based on horizontal cooperation to reduce the impact of packet loss on normal traffic by deploying differentiated speed-limiting policies with attack path pushback. Our evaluation of various attack scenarios and traces from real datasets CICIDS2017 and InSDN shows that the proposed scheme shows significant improvement in terms of accuracy, effectiveness, etc., compared to state-of-the-art SDN-based defense schemes.

Haosu Cheng,Jianwei Liu,Tongge Xu,Bohan Ren,Jian Mao,Wei Zhang

DOI: https://doi.org/10.1504/ijsnet.2020.109720

2020-01-01

International Journal of Sensor Networks

Abstract:The software-defined network (SDN) enabled internet of things (IoT) architecture is deployed in many industrial systems. The ability of SDN to intelligently route traffic and use underutilised network resources, enables IoT networks to cope with data onslaught smoothly. SDN also eliminates bottlenecks and helps to process IoT data efficiently without placing a larger strain on the network. The SDN-based IoT network is vulnerable to DDoS attack in a sophisticated usage environment. The SDN-based IoT network behaviours are different from traditional networks, which makes the detection of low-traffic DDoS attacks more difficult. In this paper, we propose a learning-based detection approach that deploys learning algorithms and utilizes stateful and stateless features from Openflow packages to identify attack traffics in SDN control and data planes. Our prototype approach and experiment results show that our system identified the low-rate DDoS attack traffic accurately with relatively low system performance overheads.

Dan Tang,Yudong Yan,Siqi Zhang,Jingwen Chen,Zheng Qin

DOI: https://doi.org/10.1109/jsac.2021.3126053

IF: 16.4

2022-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Software-Defined Networking (SDN) is an emerging network architecture. The decoupled data and control plane provides programmability for efficient network management. However, the centralized control mode of SDN also exposes unique vulnerabilities. Low-rate Denial of Service (LDoS) has a lower attack rate than ordinary DDoS attacks with the characteristics of periodicity and concealment, which is among one of the severe threats to SDN. In this paper, we propose a lightweight, real-time framework Performance and Features (P&F) to detect and mitigate LDoS attacks with SDN. We implement LDoS attacks in SDN, extract traffic features with OpenFlow, and classify the features into two categories. By analyzing the performance (P) of normal traffic under attack state, P&F determines whether LDoS attacks take effect based on machine learning. Meanwhile, P&F tries to locate attack sources and victims according to flow features (F) of LDoS attacks based on time-frequency analysis. According to detection and locating results, P&F sets corresponding mitigation schemes. Experimental results show that P&F has a high detection rate and low false positive rate for detecting LDoS attacks. P&F can deploy on controllers to achieve real-time attack detection and mitigation with low system cost, which can defend against LDoS attacks effectively.

telecommunications,engineering, electrical & electronic

Xuan-Bo Huang,Kai-Ping Xue,Yi-Tao Xing,Ding-Wen Hu,Ruidong Li,Qi-Bin Sun

DOI: https://doi.org/10.1007/s11390-022-1495-0

IF: 1.871

2022-01-01

Journal of Computer Science and Technology

Abstract:Software-defined networking (SDN) decouples the data and control planes. However, attackers can lead catastrophic results to the whole network using manipulated flooding packets, called the data-to-control-plane saturation attacks. The existing methods, using centralized mitigation policies and ignoring the buffered attack flows, involve extra network entities and make benign traffic suffer from long network recovery delays. For these purposes, we propose LFSDM, a saturation attack detection and mitigation system, which solves these challenges by leveraging three new techniques: 1) using linear discriminant analysis (LDA) and extracting a novel feature called control channel occupation rate (CCOR) to detect the attacks, 2) adopting the distributed mitigation agents to reduce the number of involved network entities and, 3) cleaning up the buffered attack flows to enable fast recovery. Experiments show that our system can detect the attacks timely and accurately. More importantly, compared with the previous work, we save 81% of the network recovery delay under attacks ranging from 1 000 to 4 000 packets per second (PPS) on average, and 87% of the network recovery delay under higher attack rates with PPS ranging from 5 000 to 30 000.

Jiushuang Wang,Ying Liu,Wei Su,Huifen Feng

DOI: https://doi.org/10.1109/vtc2020-fall49728.2020.9348652

2020-01-01

Abstract:With the popularity of Internet of Things (IoT) applications, security has become extremely important. A recent distributed denial-of-service (DDoS) attack revealed vulnerabilities that are prevalent in IoT, and many IoT devices accidentally contributed to the DDoS attack. software-defined network provides a way to securely manage IoT devices. In this paper, we first present a general framework for software-defined Internet of Things (SD-IoT). The proposed framework consists of a SD-IoT controller, SD-IoT switches integrated with an IoT gateway, and IoT devices. We then propose a deep learning detection algorithm based on time series using the proposed SD-IoT framework. Finally, experimental results show that the proposed algorithm has good performance.

Muhammad Aslam,Dengpan Ye,Aqil Tariq,Muhammad Asad,Muhammad Hanif,David Ndzi,Samia Allaoua Chelloug,Mohamed Abd Elaziz,Mohammed A A Al-Qaness,Syeda Fizzah Jilani

DOI: https://doi.org/10.3390/s22072697

2022-03-31

Abstract:The development of smart network infrastructure of the Internet of Things (IoT) faces the immense threat of sophisticated Distributed Denial-of-Services (DDoS) security attacks. The existing network security solutions of enterprise networks are significantly expensive and unscalable for IoT. The integration of recently developed Software Defined Networking (SDN) reduces a significant amount of computational overhead for IoT network devices and enables additional security measurements. At the prelude stage of SDN-enabled IoT network infrastructure, the sampling based security approach currently results in low accuracy and low DDoS attack detection. In this paper, we propose an Adaptive Machine Learning based SDN-enabled Distributed Denial-of-Services attacks Detection and Mitigation (AMLSDM) framework. The proposed AMLSDM framework develops an SDN-enabled security mechanism for IoT devices with the support of an adaptive machine learning classification model to achieve the successful detection and mitigation of DDoS attacks. The proposed framework utilizes machine learning algorithms in an adaptive multilayered feed-forwarding scheme to successfully detect the DDoS attacks by examining the static features of the inspected network traffic. In the proposed adaptive multilayered feed-forwarding framework, the first layer utilizes Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), k-Nearest Neighbor (kNN), and Logistic Regression (LR) classifiers to build a model for detecting DDoS attacks from the training and testing environment-specific datasets. The output of the first layer passes to an Ensemble Voting (EV) algorithm, which accumulates the performance of the first layer classifiers. In the third layer, the adaptive frameworks measures the real-time live network traffic to detect the DDoS attacks in the network traffic. The proposed framework utilizes a remote SDN controller to mitigate the detected DDoS attacks over Open Flow (OF) switches and reconfigures the network resources for legitimate network hosts. The experimental results show the better performance of the proposed framework as compared to existing state-of-the art solutions in terms of higher accuracy of DDoS detection and low false alarm rate.

Meng Yue,Qingxin Yan,Zichao Lu,Zhijun Wu

DOI: https://doi.org/10.1109/tnsm.2024.3363490

2024-01-01

IEEE Transactions on Network and Service Management

Abstract:Software-Defined Networking (SDN) actualizes the separation of control and forwarding, innovates network functionality with a logically centralized controller, and facilitates network-wide collaboration. Contemporary SDN infrastructure exposes potential bottlenecks which are prone to engaging low-rate denial of service (LDoS) attacks. Currently, a great deal of detection methods are deployed in the controller, and the controller needs to poll the switch frequently, which brings heavy load to the controller and the southbound link. According to the analysis of existing researches, we focused on the how to decrease the frequent polling of the controller and improve the detection rate. In this paper, we adopted the idea of cross-plane collaboration and proposed a two-phase detection framework, which carried out the lightweight detection method in the data plane and the in-depth detection based on Bayesian voting mechanism in the control plane. Once LDoS attacks are detected, the controller recalculates routes for the bottleneck nodes using the optimized Dijkstra algorithm to complete mitigation. Theoretical analyses and extensive experiments are conducted to validate the performance of our proposed method. Test results show that our method outperforms other traditional methods in terms of the detection rate of 99.1%, the detection delay of 1.3s and the communication overhead of 1068 Byte/s, the average CPU utilization of controller remains at approximately 3.5%. The proposed method takes a step forward to enhance the security of SDN.

computer science, information systems

Saima Siraj Qureshi,Jingsha He,Sirajuddin Qureshi,Nafei Zhu,Zulfiqar Ali Zardari,Tariq Mahmood,Ahsan Wajahat

DOI: https://doi.org/10.3233/jifs-220932

2023-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:The intelligence-embedded devices also called the Internet of Things, have heterogeneous characteristics and generate enormous data. To oblige the expansion of smart devices in the age of data, software-defined networking (SDN) has emerged as a promising cost-effective, scalable, versatile solution for IoT services. However, the proliferation and pervasiveness of IoT devices also bring some serious security concerns of cyber threats and attacks. This work presents a real-time intrusion detection and mitigation solution for SDN-enabled IoT infrastructure to provide autonomous security in high-traffic IoT networks in the 5G and beyond future. The suggested approach used an ensemble of Convolution Long short-term memory + Bidirectional Long short-term memory (ConvLSTM2D+BLSTM) at the SDN network layer to automate flow feature extraction and classification. For evolving distributed denial of service (DDoS) attacks, the testing is conducted on the CICIDS2017 dataset. The experimental results showed that the proposed security approach could detect and mitigate threats in real-time with high accuracy of 99.69% rate, 99.93% precision, and 99.65% F1-score by performing 10-fold cross-validation.

Jin Wang,Liping Wang

DOI: https://doi.org/10.3390/s22218287

IF: 3.9

2022-10-29

Sensors

Abstract:With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Yuyang Zhou,Guang Cheng,Shui Yu

DOI: https://doi.org/10.1109/tifs.2021.3127009

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:The Internet of Things (IoT) is becoming truly ubiquitous in every domain of human lives, and a large number of objects can be connected and enabled to communicate with cloud servers at any time. However, complex connections and vulnerabilities of IoT devices introduce inevitable security threats, in which distributed denial-of-service (DDoS) attacks usually incur catastrophic results. Unfortunately, the existing DDoS mitigation methods cannot provide effective protection. Moreover, the amplifying complexity and increasing delay incurred by defense greatly affect the stability of IoT networks. To tackle these problems, we present a novel framework that can proactively adapt the attack surface of IoT networks, dynamically optimize defense strategies, and rapidly deploy the corresponding defense mechanisms. In particular, we establish hybrid proactive defense mechanisms combining Moving Target Defense (MTD) techniques with cyber deception to spread camouflage information to confuse attackers. Based on these mechanisms, we introduce a defender-led signaling game model to formalize defense scenarios and depict the interactions between the defender and the attacker. Besides, we present an optimal algorithm to solve decision problems and optimize defense implementation in a cost-effective manner. Our extensive experiments demonstrate that the proposed approach can effectively mitigate DDoS attacks and maintain a high level of performance in IoT networks with acceptable overhead.

Hong Zhong,Chao Yu,Jie Cui,Xiuwen Sun,Chengjie Gu,Lu Liu

DOI: https://doi.org/10.1109/hpcc-dss-smartcity-dependsys53884.2021.00059

2021-01-01

Abstract:Since software-defined networking (SDN) has the ad-vantages of central control programmability and global view, it is suitable for industrial network. However, large-scale security risks such as distributed denial of service (DDoS) attacks endanger the security and reliability of services in the SDN-based system. Therefore, a comprehensive and efficient solution to this issue is crucial. This paper proposes a scheme for mitigating DDoS attack traffic deployed on an SDN application plane. The framework periodically obtains the traffic statistics of the switch ports and flow tables. After obtaining the traffic characteristics, a machine learning model is used for training. The trained model can identify benign and malicious traffic. After the attack is found, the rules are sent to the switch to control the flow and resist DDoS attacks. We use the CICDDoS2019 dataset to perform experiments. The experimental results show that compared to other schemes, the proposed scheme achieves more accurate classification.

Ying Liu,Ting Zhi,Ming Shen,Lu Wang,Yikun Li,Ming Wan

DOI: https://doi.org/10.1016/j.future.2021.11.009

IF: 7.307

2022-01-01

Future Generation Computer Systems

Abstract:Software Defined Networking (SDN) decouples the control plane and the data plane and solves the difficulty of new services deployment. However, the threat of a single point of failure is also introduced at the same time. Attackers usually launch distributed denial of service (DDoS) attacks towards the controller through switches. However, it is difficult for the traditional DDoS detection methods to balance the relationship between accuracy and efficiency. Statistical analysis-based methods have low accuracy, while machine learning-based methods have low efficiency and high training cost. In this paper, a two-level DDoS attack detection method based on information entropy and deep learning is proposed. First, the information entropy detection mechanism detects suspicious components and ports in coarse granularity. Then, a fine-grained packet-based detection mechanism is executed by the convolutional neural network (CNN) model to distinguish normal traffic from suspicious traffic. Finally, the controller performs the defense strategy to intercept the attack. The experiment results indicate that the detection accuracy of the proposed method reaches 98.98%, which shows the potential of detecting DDoS attack traffic effectively in the SDN environment.

Dan Tang,Xiyin Wang,Yudong Yan,Dongshuo Zhang,Huan Zhao

DOI: https://doi.org/10.1016/j.comcom.2021.10.007

IF: 5.047

2022-01-01

Computer Communications

Abstract:Low-rate Denial of Service (LDoS) attacks cause severe destructiveness to network security. Consequently, the implementation of detection and defense against them is a concern among the research communities. But it is formidable to deploy extension modules to detect and mitigate attacks online in traditional networks, because devices are deficient of flexibility and scalability. To address the problem, we design and implement an online attack detection and mitigation system (ADMS) framework via the scalable and programmable Software Defined Networking (SDN). ADMS is installed on SDN controllers and conforms to the OpenFlow policy without extra devices. ADMS consists of two modules: the two-phase detection module and the mitigation module. The two-phase detection module combines the new port traffic feature and the Lightgbm classifier based on flow table statistics traffic to precisely detect LDoS attacks. The mitigation module utilizes the novel Sequence Matching based Dynamic Series Analysing (SMDSA) algorithm to locate the attacker, and efficiently mitigates attack traffic by packet filter. The SMDSA algorithm distinguishes the victim port from benign ports by calculating the anomaly score of each port. Our evaluation on a prototype implementation of ADMS shows that the framework is able to precisely identify and efficiently mitigate LDoS attacks in real-time.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yandong Liu,Mianxiong Dong,Kaoru Ota,Jianhua Li,Jun Wu

DOI: https://doi.org/10.1109/CAMAD.2018.8514971

2018-01-01

Abstract:Distributed Denial-of-Service (DDoS) flooding attack has remained as one of the most destructive attacks for more than two decades. Although great efforts have been made to design the defense mechanism, it is still difficult to mitigate these attacks in real time smartly and effectively for the reason that attack traffic may mix with benign traffic. Software-Defined Networks (SDN) decouples control and data plane in the network. Its centralized control paradigm and global view of the network bring some new chances to enhance the defense ability against network attacks. In this paper, we propose a deep reinforcement learning based framework, which can smartly learn the optimal mitigation policies under different attack scenarios and mitigate the DDoS flooding attack in real time. This framework is an effective system to defend against a wide range of DDoS flooding attacks such as TCP SYN, UDP, and ICMP flooding. It can intelligently learn the patterns of attack traffic and throttle the attack traffic, while the traffic of benign users is forwarded normally. We compare our proposed framework with a baseline along with a popular state-of-the-art router throttling method. The experimental results show that our approach can outperform both of them in five attacking scenarios with different attack dynamics significantly.

Boren He,Futai Zou,Yue Wu

DOI: https://doi.org/10.1109/ssic.2018.8556830

2018-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threat in current internet. Software Defined Network (SDN) is novel network structure based on the idea of separation of control plane and data plane. SDN allows us to program and monitor networks, and decide how to forward a packet, so it provides a new solution to defend DDoS attack. This paper proposes a multi-SDN Based cooperation scheme to defend DDoS attack. We adopt machine learning to detect DDoS attack, and design a protocol to enable communication among controllers. This protocol can achieve two goals, one is to build and maintain an independent network among controllers of different SDN, and the other is to enable attack information exchange among controllers, so they can find attacker and mitigate DDoS attack. The experimental results show that the proposed protocol can achieve high detection accuracy, find attackers accurately and mitigate DDoS attack traffic effectively with a relatively low cost and latency.

Dan Tang,Hongbo Cao,Jiliang Zhang,Zheng Qin,Wei Liang,Xiaopu Ma

DOI: https://doi.org/10.1016/j.comnet.2024.110666

IF: 5.493

2024-01-01

Computer Networks

Abstract:The SDN architecture decouples control plane from data plane, making it more susceptible to various abnormal traffic and network attacks, with LDoS attack being one of them. LDoS attackers periodically send short- duration pulses with high rate to bottleneck links to preempt legitimate TCP traffic bandwidth, severely disrupting the transmission of TCP traffic. Current researches on LDoS attacks are mostly implemented in SDN environments, making them exhibit poor portability during deployment and unavoidable time delays. This paper proposes EXCLF, a LDoS attack detection and mitigation model fully deployed on programmable data plane. To identify LDoS attacks, the model gathers features of the traffic going through the switch and feeds them into a decision tree. Once LDoS attack happens, the model collects data at flow level to pinpoint the attacker and initiates corresponding mitigation measures. Extensive experiments were conducted to evaluate the proposed model, and the results indicate that EXCLF achieves a correct rate of 96.39%, with false positive and false negative rates both below 3%. Additionally, the model demonstrates low detection latency and can quickly respond to attacks. The model proves to be an attack detection and mitigation method with good portability and efficiency.

Yongyi Cao,Jing Wu,Bo Zhu,Hao Jiang,Yuchuan Deng,Wei Luo

DOI: https://doi.org/10.1007/978-3-030-34139-8_23

2019-01-01

Abstract:Distributed Denial of Service (DDoS) has been one of the biggest threats in the field of network security and a big problem to many researchers and large enterprises for years. In SDN, traditional DDoS attack detection mechanisms are mostly based on intermediate plug-ins or SDN controllers, most of which have problems of large southbound communication overhead, detection delay or lacking network-wide monitoring information. In this paper, we propose a cross-plane cooperative DDoS defense system (CPCS) under the architecture of SDN, which filters abnormal traffic through coarse-grained detection on the data plane and fine-grained detection on the control plane. On the data plane, a preliminary screening is performed to reduce the detection range of the control plane, and the K-means clustering algorithm is used to perform fine-grained analysis of traffic on the control plane. In addition, an anti-false positive module is added ingeniously. The proposed method captures the key characteristics of DDoS attack traffic by polling the value of counters in OpenFlow switches which leverages the computational power of OpenFlow switches that currently not fully utilized. We conducted experiments on a campus network center including OpenFlow switches and RYU controllers. The results show that the framework and traffic monitoring algorithms proposed in this paper can greatly improve detection efficiency and accuracy, and reduce detection delay and southbound communication overhead.

Gang Liu,Wei Quan,Nan Cheng,Hongke Zhang,Shui Yu

DOI: https://doi.org/10.1016/j.jnca.2019.01.006

IF: 7.574

2019-01-01

Journal of Network and Computer Applications

Abstract:Stateful forwarding plane is fully considered as a novel forwarding paradigm, which is proven to be beneficial to delivery efficiency and resilient to certain types of attacks. However, this fresh attempt also introduces "varietal" Denial-of-Service attack due to complicated forwarding state operations, which may cause long-term memory exhaustion of forwarding nodes, especially for resource-limited IoT nodes. This new distributed exhaustion attack is extremely hidden and there is currently no effective defense against it. In this paper, we first establish a game model to analyze the attack benefit between attacker and defender. To further make the defender obtain more utility, it is significative to make the defender manage expired state-entries during stateful forwarding. To this end, we propose an enhanced distributed low-rate attack mitigating (eDLAM) mechanism. Particularly, eDLAM maintains a lightweight malicious request table (MRT), which is very small, to offload burden of practical forwarding state table. When a packet request is matched in MRT, it will be marked and dropped directly without any impact on forwarding state table. Based on this, eDLAM adopts an optimal threshold update method for MRT to achieve a maximum defender utility. We evaluate the eDLAM performance in terms of false negatives rate (FNR) and false positives rate (FPR). Extensive experimental results show that eDLAM can reduce FNR by 10.5% and FPR by 44% on average compared with state-of-the-art mechanisms.