Multi-Perspective Content Delivery Networks Security Framework Using Optimized Unsupervised Anomaly Detection
arXiv - CS - Networking and Internet Architecture Pub Date : 2021-07-24 , DOI: arxiv-2107.11514
Li Yang, Abdallah Moubayed, Abdallah Shami, Parisa Heidari, Amine Boukhtouta, Adel Larabi, Richard Brunner, Stere Preda, Daniel Migault

Content delivery networks (CDNs) provide efficient content distribution over the Internet. CDNs improve the connectivity and efficiency of global communications, but their caching mechanisms may be breached by cyber-attackers. Among the security mechanisms, effective anomaly detection forms an important part of CDN security enhancement. In this work, we propose a multi-perspective unsupervised learning framework for anomaly detection in CDNs. In the proposed framework, a multi-perspective feature engineering approach, an optimized unsupervised anomaly detection model that utilizes an isolation forest and a Gaussian mixture model, and a multi-perspective validation method are developed to detect abnormal behaviors in CDNs, mainly from the client Internet Protocol (IP) and node perspectives, and thereby to identify denial of service (DoS) and cache pollution attack (CPA) patterns. Experimental results are presented based on the analytics of eight days of real-world CDN log data provided by a major CDN operator. Through experiments, the abnormal contents, compromised nodes, malicious IPs, as well as their corresponding attack types, are identified effectively by the proposed framework and validated by multiple cybersecurity experts. This shows the effectiveness of the proposed method when applied to real-world CDN data.

Updated: 2021-07-27