Threshold-based distributed DDoS attack detection in ISP networks

Singh, Karanbir; Dhindsa, Kanwalvir Singh; Hushan, Bharat

doi:10.3906/elk-1712-3

Cited by 7 publications

(5 citation statements)

References 18 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The cloud-based detection is executed within the emulated remote cloud collecting traffic data from node R1. Two additional detection methods were implemented for evaluation purposes: Cosine Similarity [8] and Shannon's Entropy [6] [17]. Both detection strategies were adapted to use the metrics presented in Section II, and were selected considering their previous use in coarse-grained DDoS detection [6] [8].…”

Section: Performance Evaluationmentioning

confidence: 99%

“…Both detection strategies were adapted to use the metrics presented in Section II, and were selected considering their previous use in coarse-grained DDoS detection [6] [8]. Since a thresholding approach was adopted for all detection strategies, the methodology presented in [17] was used to optimize the threshold selection process and enhance the overall accuracy. To emulate an attack, we developed a Python script using the Scapy library 3 to generate spoofed source address and destination ports, targeting an arbitrary server within the remote cloud in Fig.…”

Section: Performance Evaluationmentioning

confidence: 99%

See 1 more Smart Citation

High-performance, platform-independent DDoS detection for IoT ecosystems

Santoyo-González

Cervelló-Pastor

Pezaros

2019

2019 IEEE 44th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

Most Distributed Denial of Service (DDoS) detection and mitigation strategies for Internet of Things (IoT) are based on a remote cloud server or purpose-built middlebox executing complex intrusion detection methods, that impose stringent scalability and performance requirements on the IoT due to the vast amounts of traffic and devices to be handled. In this paper, we present an edge-based detection scheme using BPFabric, a high-speed, programmable data-plane switch architecture, and lightweight network functions to execute upstream anomaly detection. The proposed detection scheme ensures fast detection of DDoS attacks originated from IoT devices, while guaranteeing minimum resource usage and processing overhead. Our solution was compared against two widespread coarse-grained detection techniques, showing detection delays under 5ms, an overall accuracy of 93 − 95% and a bandwidth overhead of less than 1%.

show abstract

Section: Performance Evaluationmentioning

confidence: 99%

Section: Performance Evaluationmentioning

confidence: 99%

High-performance, platform-independent DDoS detection for IoT ecosystems

Santoyo-González

Cervelló-Pastor

Pezaros

2019

2019 IEEE 44th Conference on Local Computer Networks (LCN)

View full text Add to dashboard Cite

show abstract

“…Later the target node can examine these packets to traceback the complete path used by the attacker [9]. Singh et al [10] suggested a thresholds and entropy based DDoS attack detection scheme that detects the presence of DDoS attack on the edge routers of stub networks. The detection mechanism was implemented in the form of agents that monitors the incoming traffic with the help of detection algorithms.…”

Section: Related Workmentioning

confidence: 99%

Flow-based Attack Detection and Defense Scheme against DDoS Attacks in Cluster based Ad Hoc Networks

Deepa¹,

Dhindsa²,

Bhushan³

2019

IJANA

View full text Add to dashboard Cite

DDoS attacks in MANETs needs to be handled as early as possible so as to avoid them to reach the victim node. DDoS attacks are difficult to detect due to their features like varying attack intensity, large amount of packets etc. so it becomes necessary to distinguish and filter attack traffic in source or intermediate clusters. Here the cluster heads will uses flow based monitoring schemes to identify the suspicious behaviours of incoming traffic in each clusters. Cluster head constructs flows from the incoming traffic and computes normalized entropy for specific time windows. The normalized entropy is compared against threshold entropy to identify the presence of suspicious flows. Later packet rate of suspicious flow is calculated and compared against packet rate entropy to identify the suspicious flows. Later the suspicious flow information is shared with neighbouring cluster heads to further confirm the presence of DDoS attack or not. If DDoS attack is confirmed the packets related to suspicious flows will be discarded. The efficiency and accuracy of proposed attack detection algorithm is evaluated using some performance metrics.

show abstract

“…The cloud-based detection is executed within the emulated remote cloud collecting traffic data from node R1. Two additional detection methods were implemented for evaluation purposes: Cosine Similarity [109] and Shannon's Entropy [107,118]. Both detection strategies were adapted to use the metrics presented in Section 6.1.1, and were selected considering their previous use in coarse-grained DDoS detection [107,109].…”

Section: Evaluation and Resultsmentioning

confidence: 99%

“…presented in [118] was used to optimize the threshold selection process and enhance the overall accuracy. To emulate an attack, we developed a Python script using the Scapy library 2 to generate spoofed source address and destination ports, targeting an arbitrary server within the remote cloud in Fig.…”

Section: Costmentioning

confidence: 99%

Edge computing infrastructure for 5G networks: a placement optimization solution

Santoyo González

View full text Add to dashboard Cite

This thesis focuses on how to optimize the placement of the Edge Computing infrastructure for upcoming 5G networks. To this aim, the core contributions of this research are twofold: 1) a novel heuristic called Hybrid Simulated Annealing to tackle the NP-hard nature of the problem and, 2) a framework called EdgeON providing a practical tool for real-life deployment optimization. In more detail, Edge Computing has grown into a key solution to 5G latency, reliability and scalability requirements. By bringing computing, storage and networking resources to the edge of the network, delay-sensitive applications, location-aware systems and upcoming real-time services leverage the benefits of a reduced physical and logical path between the end-user and the data or service host. Nevertheless, the edge node placement problem raises critical concerns regarding deployment and operational expenditures (i.e., mainly due to the number of nodes to be deployed), current backhaul network capabilities and non-technical placement limitations. Common approaches to the placement of edge nodes are based on: Mobile Edge Computing (MEC), where the processing capabilities are deployed at the Radio Access Network nodes and Facility Location Problem variations, where a simplistic cost function is used to determine where to optimally place the infrastructure. However, these methods typically lack the flexibility to be used for edge node placement under the strict technical requirements identified for 5G networks. They fail to place resources at the network edge for 5G ultra-dense networking environments in a network-aware manner. This doctoral thesis focuses on rigorously defining the Edge Node Placement Problem (ENPP) for 5G use cases and proposes a novel framework called EdgeON aiming at reducing the overall expenses when deploying and operating an Edge Computing network, taking into account the usage and characteristics of the in-place backhaul network and the strict requirements of a 5G-EC ecosystem. The developed framework implements several placement and optimization strategies thoroughly assessing its suitability to solve the network-aware ENPP. The core of the framework is an in-house developed heuristic called Hybrid Simulated Annealing (HSA), seeking to address the high complexity of the ENPP while avoiding the non-convergent behavior of other traditional heuristics (i.e., when applied to similar problems). The findings of this work validate our approach to solve the network-aware ENPP, the effectiveness of the heuristic proposed and the overall applicability of EdgeON. Thorough performance evaluations were conducted on the core placement solutions implemented revealing the superiority of HSA when compared to widely used heuristics and common edge placement approaches (i.e., a MEC-based strategy). Furthermore, the practicality of EdgeON was tested through two main case studies placing services and virtual network functions over the previously optimally placed edge nodes. Overall, our proposal is an easy-to-use, effective and fully extensible tool that can be used by operators seeking to optimize the placement of computing, storage and networking infrastructure at the users’ vicinity. Therefore, our main contributions not only set strong foundations towards a cost-effective deployment and operation of an Edge Computing network, but directly impact the feasibility of upcoming 5G services/use cases and the extensive existing research regarding the placement of services and even network service chains at the edge.

show abstract

Threshold-based distributed DDoS attack detection in ISP networks

Cited by 7 publications

References 18 publications

High-performance, platform-independent DDoS detection for IoT ecosystems

High-performance, platform-independent DDoS detection for IoT ecosystems

Flow-based Attack Detection and Defense Scheme against DDoS Attacks in Cluster based Ad Hoc Networks

Edge computing infrastructure for 5G networks: a placement optimization solution

Contact Info

Product

Resources

About