DOCUS-DDoS detection in SDN using modified CUSUM with flash traffic discrimination and mitigation

Cited by: 8
Authors
Shalini, P. V. [1, 2]
Radha, V. [2]
Sanjeevi, Sriram G. [1]
Affiliations
[1] Natl Inst Technol Warangal, Dept Comp Sci & Engn, Warangal, Telangana, India
[2] Inst Dev & Res Banking Technol, Hyderabad, Telangana, India
Keywords
DoS; DDoS; TCP; SDN; Flash traffic; CUSUM; OF-SERVICE ATTACKS;
DOI
10.1016/j.comnet.2022.109361
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Subject classification code
0812 ;
Abstract
Software Defined Networking (SDN) is a network paradigm with a significant philosophy of separating the data plane from the control plane. This separation helps in achieving centralized control over the entire network and faster data transmission. However, SDN suffers from network security challenges; Distributed Denial of Service (DDoS) is one such significant challenge. Most of the existing SDN DDoS attack detection models have an issue with identifying the genuine benign flash traffic as a DDoS attack. In this paper, we develop DOCUS (DDoS detection in SDN by modified CUSUM) to overcome this major issue, i.e., to identify and separate flash traffic while detecting DDoS attacks, thus reducing false detection of benign traffic as an attack. The emulated experiment results show that the DOCUS model effectively detects DDoS attacks targeted toward a web server in a given network. We compare the DOCUS detection scheme with existing research schemes and show that the average DDoS attack detection time for DOCUS is 83.3% less than recent schemes proposed in the literature. We also compare our flash detection model with the existing literature scheme. We show that DOCUS efficiently identifies flash traffic as benign and attack traffic as DDoS attacks under various scenarios. DOCUS also mitigates the attack by identifying and blocking the attack traffic from all the attackers.
Pages: 16