This project implements a high-rate network traffic analyzer designed for early detection and mitigation of Distributed Denial of Service (DDoS) attacks. The system combines GPU-accelerated entropy-based detection with a lightweight neural network classifier to identify malicious traffic in near real time.
The analyzer processes flow records derived from the CIC-DDoS2019 dataset. Traffic is grouped into fixed time windows, where entropy over bucketed source IPs is computed in parallel on the GPU using OpenCL. Windows with abnormal entropy are flagged and further analyzed using a pre-trained neural network classifier.
The system applies a two-stage detection strategy:
- Entropy-based anomaly detection using median and MAD thresholding
- Per-flow classification using a neural network
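
A CPU reference for the first stage described above (per-window entropy over bucketed source IPs, then median and MAD thresholding), added here as an illustration and not the project's OpenCL code. The 1-second window, the 256-bucket multiplicative hash, the cut-off of 3 and the sample flows are assumptions constructed for this example.

```python
import ipaddress
import math
from collections import Counter, defaultdict
from statistics import median

WINDOW_SECONDS = 1.0   # assumption: the page only says "fixed time windows"
Z_CUTOFF = 3.0         # assumption: robust z-score cut-off

def bucket_of(src_ip):
    """Hash an IPv4 source into one of 256 buckets (assumed scheme: multiplicative hash)."""
    x = int(ipaddress.IPv4Address(src_ip))
    return ((x * 2654435761) & 0xFFFFFFFF) >> 24

def shannon_entropy(counts):
    """Entropy in bits of a bucket histogram; 0.0 for an empty window."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c) if total else 0.0

def window_entropies(flows):
    """flows: iterable of (timestamp_seconds, src_ip) -> {window_index: entropy}."""
    hist = defaultdict(Counter)
    for ts, src in flows:
        hist[int(ts // WINDOW_SECONDS)][bucket_of(src)] += 1
    return {w: shannon_entropy(h.values()) for w, h in sorted(hist.items())}

def flag_windows(entropies):
    """Flag windows more than Z_CUTOFF robust z-scores away from the median (two-sided)."""
    values = list(entropies.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    scale = 1.4826 * mad or 1e-9   # 1.4826 scales MAD to a std-dev; guard MAD == 0
    return [w for w, v in entropies.items() if abs(v - med) / scale > Z_CUTOFF]

def sample_flows():
    """Constructed input: 10 windows of 8 steady clients; window 6 adds 200 one-flow sources."""
    flows = [(w + 0.1, f"10.0.0.{i}") for w in range(10)
             for i in range(1, 9) for _ in range(1 + (i + w) % 3)]
    flows += [(6.5, f"198.51.100.{i}") for i in range(1, 201)]
    return flows

if __name__ == "__main__":
    ent = window_entropies(sample_flows())
    print({w: round(h, 3) for w, h in ent.items()}, "flagged:", flag_windows(ent))
```

The test is two-sided because a flood from many spoofed sources raises source-IP entropy, while a flood dominated by a few sources lowers it.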
Based on detection confidence, mitigation actions are simulated using:
- Remote Triggered Black Hole (RTBH)
- iptables-style ACL rules with drop and token-bucket rate limiting
Key features:
- GPU-accelerated entropy computation using OpenCL
- Robust statistical thresholding (Median + MAD)
- Lightweight neural network classifier
- Simulated RTBH and ACL-based mitigation
- JSON Lines logging for reproducible evaluation
- Designed for high-throughput and low-latency analysis
Dataset:
- CIC-DDoS2019 (flow-based traffic records)
This project was developed as a semester project for Parallel and Distributed Computing (PDC) and qualifies as a Complex Computing Problem (CCP) due to its integration of parallel programming, machine learning, statistical analysis, and network security mechanisms.