TY - JOUR
T1 - A Study on Traffic Asymmetry for Detecting DDoS Attack in P4-based SDN
AU - Lin, Ting Yu
AU - Wang, Ching Yuan
AU - Tuan, Ya Pei
AU - Tsai, Meng Hsun
AU - Chen, Yean Ru
N1 - Funding Information:
This work was supported in part by the MOST under Grant 109-2221-E-006-160-, 110-2221-E-006-016- and 110-2221-E-006-212-.
Publisher Copyright:
© 2022 Institute of Information Science. All rights reserved.
PY - 2022/11
Y1 - 2022/11
N2 - With the popularity of the Internet, people increasingly rely on it to complete a large amount of work, making Internet security more and more important. Among the many threats to network security, Distributed Denial-of-Service (DDoS) attacks have always been a problem that researchers want to solve. With the introduction of software-defined networking (SDN), more and more detection methods have been proposed. In this paper, we design a sketch-based method of data collection in the P4-based data plane, which sends less data to the controller than the OpenFlow-based data plane with limited data size. Furthermore, our method collects data on both attackers and victims by using the asymmetric characteristics of data flows, which contributes to the mitigation of DDoS attacks by inserting rate-limiting rules on the data plane. In experiments, our data collection structure reaches an F1 score of 0.9 or more, and the number of entries is appropriate, while attack intensities are between 0 Mbps and 500 Mbps. In the evaluation section, we also present the results of labeling data by the K-means algorithm on the control plane.
AB - With the popularity of the Internet, people increasingly rely on it to complete a large amount of work, making Internet security more and more important. Among the many threats to network security, Distributed Denial-of-Service (DDoS) attacks have always been a problem that researchers want to solve. With the introduction of software-defined networking (SDN), more and more detection methods have been proposed. In this paper, we design a sketch-based method of data collection in the P4-based data plane, which sends less data to the controller than the OpenFlow-based data plane with limited data size. Furthermore, our method collects data on both attackers and victims by using the asymmetric characteristics of data flows, which contributes to the mitigation of DDoS attacks by inserting rate-limiting rules on the data plane. In experiments, our data collection structure reaches an F1 score of 0.9 or more, and the number of entries is appropriate, while attack intensities are between 0 Mbps and 500 Mbps. In the evaluation section, we also present the results of labeling data by the K-means algorithm on the control plane.
UR - http://www.scopus.com/inward/record.url?scp=85144154573&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85144154573&partnerID=8YFLogxK
U2 - 10.6688/JISE.202211_38(6).0009
DO - 10.6688/JISE.202211_38(6).0009
M3 - Article
AN - SCOPUS:85144154573
SN - 1016-2364
VL - 38
SP - 1265
EP - 1283
JO - Journal of Information Science and Engineering
JF - Journal of Information Science and Engineering
IS - 6
ER -