EXCLF: A LDoS attack detection & mitigation model based on programmable data plane

Cited by: 0
Authors
Tang, Dan [1]
Cao, Hongbo [1]
Zhang, Jiliang [3]
Qin, Zheng [1]
Liang, Wei [4]
Ma, Xiaopu [2]
Affiliations
[1] Hunan Univ HNU, Coll Comp Sci & Elect Engn CSEE, Changsha 410082, Peoples R China
[2] Nanyang Normal Univ, Sch Artificial Intelligence & Software Engn, Nanyang 473061, Henan, Peoples R China
[3] Hunan Univ HNU, Coll Semicond, Coll Integrated Circuits, Changsha 410082, Peoples R China
[4] Hunan Univ Sci & Technol HNUST, Sch Comp Sci & Engn, Xiangtan 411201, Peoples R China
Keywords
LDoS attack; Attack detection; Programmable data plane; P4; Machine learning; Classification tree;
DOI
10.1016/j.comnet.2024.110666
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
The SDN architecture decouples control plane from data plane, making it more susceptible to various abnormal traffic and network attacks, with LDoS attack being one of them. LDoS attackers periodically send short-duration pulses with high rate to bottleneck links to preempt legitimate TCP traffic bandwidth, severely disrupting the transmission of TCP traffic. Current researches on LDoS attacks are mostly implemented in SDN environments, making them exhibit poor portability during deployment and unavoidable time delays. This paper proposes EXCLF, a LDoS attack detection and mitigation model fully deployed on programmable data plane. To identify LDoS attacks, the model gathers features of the traffic going through the switch and feeds them into a decision tree. Once LDoS attack happens, the model collects data at flow level to pinpoint the attacker and initiates corresponding mitigation measures. Extensive experiments were conducted to evaluate the proposed model, and the results indicate that EXCLF achieves a correct rate of 96.39%, with false positive and false negative rates both below 3%. Additionally, the model demonstrates low detection latency and can quickly respond to attacks. The model proves to be an attack detection and mitigation method with good portability and efficiency.
Pages: 12