Graph Neural Network-Based DDoS Protection for Data Center Infrastructure

With rising cybersecurity threats, data center providers face growing pressure to protect their own management infrastructure from Distributed Denial-of-Service (DDoS) attacks. While customer-managed cages within colocation facilities generally fall outside the data center's direct security responsibilities, a successful DDoS assault on core provider systems can indirectly disrupt interconnect and network services by impacting the Availability component of the CIA Triad. To address this, we developed a Graph Neural Network (GNN)-based detection system that leverages Graph U-Nets to automatically classify and mitigate DDoS traffic in real time. Although developed using open-source network flows, the model effectively identifies network-layer DDoS attacks that resemble the malicious patterns threatening modern data centers.

Adopting this system in colocation environments requires minimal changes to existing operational workflows: the GNN-based system can be integrated at access points in a data center's management or internet-facing infrastructure. Our model achieved an F1 score of over 95% when evaluated on various open-source datasets, significantly reducing the likelihood of service disruptions and reputational damage. This GNN-based solution offers a scalable and proactive defense, helping data center operators maintain reliable service availability and strict SLA uptimes, and bolster customer trust.

Paper | Presentation

Kartikeya Sharma

Kartikeya completed his undergraduate studies at Goshen College with dual majors in computer science and accounting. He holds a Master's in Computer Science from the University of Oregon, where his research focused on applying Graph Neural Networks to detect spam in social media. Currently at Equinix, he works as a Senior Associate Information Security Engineer, specializing in machine learning applications for cybersecurity. Kartikeya is an active contributor to the security community, speaking at various conferences and serving on the review committees for several BSides events, including BSides SLC and BSides Redrock.

Craig Jacobik

Craig Jacobik is an experienced Data Scientist and Manager with a demonstrated history of working on information security problems in the online advertising, financial and healthcare industries. Craig possesses a unique blend of technical and analytical expertise with a strong background in computer science, mathematics, and cybersecurity. Craig has received numerous cybersecurity certifications including CISSP; SANS certificates including GSEC and GRID; Security+; and CEH. Craig is skilled in Python, R, Hadoop, Hive, Impala, Data Science and Optimization modeling techniques, and Quantitative Analytics. Craig is a strong entrepreneurial professional with an M.S. in Analytics from Georgia Tech and a B.S. in Systems Engineering from the University of Virginia.