A Software-Defined Networking (SDN) Approach to Mitigating DDoS Attacks

D’Cruze, Hubert; Wang, Ping; Sbeit, Raed Omar; Ray, Andrew

doi:10.1007/978-3-319-54978-1_19

Cited by 16 publications

(7 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Also, Jazi et al [63] proposed a technique for detecting HTTP-based DoS attacks at the application layers of web servers using sampling techniques, while Behal et al [64] reviews existing strategies and methods for characterising and isolating Distributed Denial of Service (DDoS) attacks, even in the midst of flash events. Lonea [65] proposed a quantitative method for detecting DDoS attacks in cloud environments by analysing intrusion detection system alerts, while D'Cruze [66] proposed an efficient and flexible Software-Defined Networking (SDN) solution to mitigate DDoS attacks on Internet Service Provider (ISP) networks. Furthermore, machine learning-based detection techniques have also been proposed for the detection of DDoS attacks that are widely known to feature botnets as the primary threat agent.…”

Section: Botnet Countermeasuresmentioning

confidence: 99%

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

et al. 2019

View full text Add to dashboard Cite

Botnets have carved a niche in contemporary networking and cybersecurity due to the impact of their operations. The botnet threat continues to evolve and adapt to countermeasures as the security landscape continues to shift. As research efforts attempt to seek a deeper and robust understanding of the nature of the threat for more effective solutions, it becomes necessary to again traverse the threat landscape, and consolidate what is known so far about botnets, that future research directions could be more easily visualised. This research uses the general exploratory approach of the qualitative methodology to survey the current botnet threat landscape: Covering the typology of botnets and their owners, the structure and lifecycle of botnets, botnet attack modes and control architectures, existing countermeasure solutions and limitations, as well as the prospects of a botnet threat. The product is a consolidation of knowledge pertaining the nature of the botnet threat; which also informs future research directions into aspects of the threat landscape where work still needs to be done.

show abstract

Section: Botnet Countermeasuresmentioning

confidence: 99%

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

et al. 2019

View full text Add to dashboard Cite

show abstract

“…A classic example of this type of attack is the Ping of Death [11]. With the rise of effective defense techniques against this type of attack, the attackers have redefined it into DDoS which is capable of blocking the resources of the target machine such as the connection link [12], applications [13,14] and/or hardware resources [15]. DDoS attacks aim at making the old one-to-one attack into a new and more elaborate many-to-one attack, recruiting as many infected computers as possible and creating a botnet (robot network) in order to send a huge amount of data traffic towards the target machine.…”

Section: Introductionmentioning

confidence: 99%

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behaviour therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called lowrate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11'46" and 46'48" to classify the emulated and real traffic datasets, respectively.

show abstract

“…Trojan horses, backdoors, or worms are usually used to recruit zombies [8], [9]. The second step involves the attacker use these zombies to activate flooding attacks by exhausting a server or network resources including bandwidth, memory, router's processing capacities, disk/database [6]. The DDoS attack disrupts the attacked system and the services that are provided by the system to legitimate users.…”

Section: Introductionmentioning

confidence: 99%

Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods

et al. 2019

View full text Add to dashboard Cite

Until now, an effective defense method against Distributed Denial of Service (DDoS) attacks is yet to be offered by security systems. Incidents of serious damage due to DDoS attacks have been increasing, thereby leading to an urgent need for new attack identification, mitigation, and prevention mechanisms. To prevent DDoS attacks, the basic features of the attacks need to be dynamically analyzed because their patterns, ports, and protocols or operation mechanisms are rapidly changed and manipulated. Most of the proposed DDoS defense methods have different types of drawbacks and limitations. Some of these methods have signature-based defense mechanisms that fail to identify new attacks and others have anomaly-based defense mechanisms that are limited to specific types of DDoS attacks and yet to be applied in open environments. Subsequently, extensive research on applying artificial intelligence and statistical techniques in the defense methods has been conducted in order to identify, mitigate, and prevent these attacks. However, the most appropriate and effective defense features, mechanisms, techniques, and methods for handling such attacks remain to be an open question. This review paper focuses on the most common defense methods against DDoS attacks that adopt artificial intelligence and statistical approaches. Additionally, the review classifies and illustrates the attack types, the testing properties, the evaluation methods and the testing datasets that are utilized in the methodology of the proposed defense methods. Finally, this review provides a guideline and possible points of encampments for developing improved solution models of defense methods against DDoS attacks. INDEX TERMS DDoS attack, DDoS defense, artificial intelligence technique, statistical technique.

show abstract

A Software-Defined Networking (SDN) Approach to Mitigating DDoS Attacks

Cited by 16 publications

References 30 publications

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

A Botnets Circumspection: The Current Threat Landscape, and What We Know So Far

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods

Contact Info

Product

Resources

About