Abstract

Keeping Internet users protected from cyberattacks and other threats is one of the most prominent security challenges for network operators today. Among critical threats, distributed denial-of-service (DDoS) has become one of the most widespread attacks on the Internet, and it is very challenging to mitigate appropriately because DDoS attacks stop the system from working through resource exhaustion. Software-defined networking (SDN) has recently emerged as a new networking technology offering unprecedented programmability that allows network operators to configure and manage their infrastructures dynamically. The flexible processing and centralized management of the SDN controller make it possible to deploy complex security algorithms and mitigation methods flexibly. In this paper, we propose a novel DDoS attack mitigation in SDN-based Internet Service Provider (ISP) networks for TCP-SYN and ICMP flood attacks using machine learning approaches, i.e., K-Nearest-Neighbor (KNN) and XGBoost. By deploying a testbed, we implement the proposed algorithms, evaluate their accuracy, and address the trade-off between accuracy and mitigation efficiency. Through extensive experiments, the results show that the algorithms can efficiently mitigate the attack by over 98.0% while benign traffic is not affected.

Highlights

  • Internet cybercrime has become a severe issue that governments and organizations should cope with nowadays

  • Characterizing attack traffic and innocent traffic in Internet Service Provider (ISP) networks: by investigating real traffic traces, we identify important features that can be used to differentiate normal traffic from TCP-SYN and ICMP flood attack traffic in ISP network scenarios; Proposing novel machine learning mitigation algorithms: based on these features, a machine-learning algorithm integrated in the Software-defined networking (SDN) controller has been developed to detect and drop attack traffic while innocent traffic is almost not affected; An adaptive method to optimize the parameters of mitigation algorithms for accuracy improvement: A

  • There are a number of solutions for distributed denial-of-service (DDoS) detection that can be classified into two types: statistic-based and machine learning-based


Summary

Introduction

Internet cybercrime has become a severe issue that governments and organizations should cope with nowadays. The ICMP flood attack is a volume-based DDoS attack, in which the attacker attempts to overwhelm the network bandwidth of a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. The contributions of this work are as follows: Characterizing attack traffic and innocent traffic in Internet Service Provider (ISP) networks: by investigating real traffic traces, we identify important features that can be used to differentiate normal traffic from TCP-SYN and ICMP flood attack traffic in ISP network scenarios; Proposing novel machine learning mitigation algorithms: based on these features, a machine-learning algorithm integrated in the SDN controller has been developed to detect and drop attack traffic while innocent traffic is almost not affected; An adaptive method to optimize the parameters of mitigation algorithms for accuracy improvement: A testbed is deployed to evaluate the approach on real devices and in real time.

Related Work
Traffic Dataset
Traffic Analysis
KNN-Based Approach for DDoS Attack Mitigation
Adaptive Monitoring Time Window
Testbed Setup and Parameter Settings
Experimental Results
Conclusions