Abstract
While there have been extensive studies of denial of service (DoS) attacks and DDoS attack mitigation, such attacks remain challenging to mitigate. For example, Low-Rate DDoS (LR-DDoS) attacks are known to be difficult to detect, particularly in a software-defined network (SDN). Hence, in this paper we present a flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN settings. Specifically, we train the intrusion detection system (IDS) in our architecture using six machine learning (ML) models (i.e., J48, Random Tree, REP Tree, Random Forest, Multi-Layer Perceptron (MLP), and Support Vector Machines (SVM)) and evaluate their performance using the Canadian Institute of Cybersecurity (CIC) DoS dataset. The findings from the evaluation demonstrate that our approach achieves a detection rate of 95%, despite the difficulty in detecting LR-DoS attacks. We also remark that in our deployment, we use the open network operating system (ONOS) controller running on a Mininet virtual machine so that our simulated environment is as close to real-world production networks as possible. In our testing topology, the intrusion prevention detection system mitigates all attacks previously detected by the IDS. This demonstrates the utility of our architecture in identifying and mitigating LR-DDoS attacks.
Highlights
Low-rate distributed denial of service (LR-DDoS) attacks are one of the more challenging denial of service (DoS) attack types to detect, and these attacks are designed to exhaust computing resources on servers
We present a flexible security software-defined network (SDN)-based architecture aimed at Low-Rate DDoS (LR-DDoS) attack detection and mitigation through the use of multiple machine learning and deep learning techniques
We evaluate the performance of six machine and deep learning techniques (i.e., J48, Random Tree, REP Tree, Random Forest, Multi-Layer Perceptron (MLP), and Support Vector Machines (SVM)) in LR-DDoS attack detection and mitigation
Summary
Low-rate distributed denial of service (LR-DDoS) attacks are one of the more challenging denial of service (DoS) attack types to detect, and these attacks are designed to exhaust computing resources on servers. Unlike high-rate distributed DoS (DDoS) attacks, an LR-DDoS attack does not flood the network with high traffic loads. Instead, it carefully triggers specific protocol mechanisms such as TCP’s timeout retransmission [1], [2], congestion control [3] mechanisms, and. DDoS attack detection approaches can be broadly categorized into signature-based and anomaly-based approaches [5], [6]. The former uses patterns or strings identified in protocol header fields as signatures, matching them against incoming traffic to determine whether a flow is malicious.