An Easy Defense Mechanism Against Botnet-based DDoS Flooding Attack Originated in SDN Environment Using sFlow

Lu, Yiqin; Wang, Meng

doi:10.1145/2935663.2935674

Cited by 14 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to equation ( 2) and ( 3), the DCD is used to measure the number of flows that concurrently access to the same target, and the intensity is used to measure the total rate of all flows in a Dflow set. These two features were proposed in our early work of an easy defense method [39]. In terms of probability, assuming the probability of a node to access a certain target at a certain time is p and this probability for all nodes obeys independent and identical distribution.…”

Section: Macro Detection Based On Dcdmentioning

confidence: 99%

Source-Based Defense Against DDoS Attacks in SDN Based on sFlow and SOM

Wang

Qin

2022

IEEE Access

Self Cite

View full text Add to dashboard Cite

In the traditional distributed control network, due to the difficulty in detection and the ambiguous defense responsibility, it is not efficient and effective to detect DDoS attacks in the network where they are launched, which is so-called source-based defense mechanism. However, with the development of cloud computing, Internet of Things (IoT), and mobile Internet, the number of terminals and the communication bandwidth in a single autonomous domain has increased significantly, providing much more favorable conditions for organizing large-scale botnets to launch a threatening DDoS attack. Therefore, there is a urgent need for source-based defense against DDoS attacks. The emerging Software-Defined Networking (SDN) provides some new ideas and advantages to solve this problem, such as centralized control and network programmability. In this paper, we proposed a defense method based on sFlow and an improved Self-Organizing Map (SOM) model in the SDN environment. This method combines a sFlowbased macro-detection, which could cover the entire network to perceive DDoS attacks, with a SOMbased micro-detection, which is used to recognize the attack traffic, and also provides a response strategy based on the global view given by the controller. The experimental results under open data and simulated attack scenarios have proved the effectiveness of the proposed method, and it has better overall detection performance than k-means and k-medoids.

show abstract

Section: Macro Detection Based On Dcdmentioning

confidence: 99%

Source-Based Defense Against DDoS Attacks in SDN Based on sFlow and SOM

Wang

Qin

2022

IEEE Access

Self Cite

View full text Add to dashboard Cite

show abstract

“…Most DDOS attacks are conducted from within botnets. A botnet is a collection of numerous PC devices that have been unintentionally brought together, typically due to an infection or other harmful code [4].…”

Section: Ddos Attackmentioning

confidence: 99%

“…Protect the production devices by drawing an attacker's attention away from the real network. 4. Gather details about the attacker's equipment, strategies, and tactics.…”

Section: Honeypotsmentioning

confidence: 99%

A hybrid honeypot framework for DDOS attacks detection and mitigation

Melhem¹,

Dayoub²

2022

Preprint

View full text Add to dashboard Cite

Dependency on the internet is escalating day by day, which makes it prone to myriad security threats, for instance phishing, SQL injection, malware and attacks. These threaten one or more of the CIA triad elements, which are Confidentiality, Integrity and Availability. Hence, ensuring continuous security has become an inseparable challenge. These threats could be detected by the classical mechanisms of security such as IDS (Intrusion Detection System), firewalls and antivirus, but after it happens, which means they act as healing tools but do not prevent the threats, also they do not provide detection for new threats, this is where the Honeypot comes in. Honeypot is a trap used to lure possible attackers and interact with them to detour, expose or prohibit per se attacks and to learn new attacker’s techniques. This paper presents a hybrid framework consisting of two types of honeypots to relieve the flaws of each type and offer the benefits of both types. Testing this framework with real DDOS (Distributed Denial of Service) attack traffic against a webserver has shown that it is not only practical, but also very efficient by keeping the web server’s availability for legitimate users.

show abstract

“…Lu and Wang [19] proposed an approach on the sourcebased guard system against DDoS flooding attack botnet based through joining the force of SDN (Software-Defined Networking) and SFLOW (Sample Flow) technology. Firstly, they defined a metric to quantify the fundamental components of this kind of attack, which implies distribution and coordinated effort.…”

Section: Related Workmentioning

confidence: 99%

An Effective Mechanism to Mitigate Real-Time DDoS Attack

et al. 2020

View full text Add to dashboard Cite

Computer networks are subject to an unprecedented number and variety of attack, the majority of which are distributed denial of service (DDoS). The nature and mechanisms employed in these DDoS attacks continually change, creating a significant challenge for detection and management. To address this evolving nature of attacks, approaches are required that can effectively detect and mitigate emerging attacks. In this paper, we provide a mechanism that not only detects the presence of a DDoS attacks but also identifies the route of attack and commences a process of mitigation at the initial stage of identification. The proposed research involves an optimized SVM classification algorithm integrated with SNORT IPS to provide prevention mechanisms for the entire network when subject to DDoS attack. The proposed IPS method allows traffic identified as legitimate to pass through the network, whereas suspect traffic is flagged and has to go through an identification system. We present the algorithm with experimental results that show better performance than simple Snort IPS, Probabilistic Neural Network (PNN), Back Propagation (BP), Chi-square, and PSO-SVM in terms of accuracy, exposure and specificity. These results show that the average accuracy rate of our method is 97 percent.

show abstract

An Easy Defense Mechanism Against Botnet-based DDoS Flooding Attack Originated in SDN Environment Using sFlow

Cited by 14 publications

References 17 publications

Source-Based Defense Against DDoS Attacks in SDN Based on sFlow and SOM

Source-Based Defense Against DDoS Attacks in SDN Based on sFlow and SOM

A hybrid honeypot framework for DDOS attacks detection and mitigation

An Effective Mechanism to Mitigate Real-Time DDoS Attack

Contact Info

Product

Resources

About