A Study on Traffic Asymmetry for Detecting DDoS Attack in P4-based SDN

Ting Yu Lin, Ching Yuan Wang, Ya Pei Tuan, Meng Hsun Tsai, Yean Ru Chen

研究成果: Article同行評審

2 引文 斯高帕斯(Scopus)

摘要

With the popularity of the Internet, modern people increasingly rely on the Internet to complete a large amount of work, making the security of the Internet more and more important. Among many threats to network security, Distributed Denial-of-Service (DDoS) attacks have always been a problem that researchers want to solve. With the introduction of software-defined networking (SDN), more and more detection methods have been proposed. In this paper, we design a sketch-based method of data collection in the P4-based data plane, which sends less data to controller than the Openflow-based data plane with limited data size. Furthermore, our method collects data of both attackers and victims by asymmetric characteristics of data flows, which contributes to the mitigation of DDoS attacks by inserting rate-limited rules on the data plane. In experiments, our data collection structure can reach the 0.9 or more F1 score, and the number of entries is appropriate, while attack intensities are between 0Mbps to 500Mbps. In the evaluation section, we also present the result of labeling data by the K-means algorithm on the control plane.

原文English
頁(從 - 到)1265-1283
頁數19
期刊Journal of Information Science and Engineering
38
發行號6
DOIs
出版狀態Published - 2022 11月

All Science Journal Classification (ASJC) codes

  • 軟體
  • 人機介面
  • 硬體和架構
  • 圖書館與資訊科學
  • 計算機理論與數學

指紋

深入研究「A Study on Traffic Asymmetry for Detecting DDoS Attack in P4-based SDN」主題。共同形成了獨特的指紋。

引用此