Abstract

The Deterministic Network (DetNet) is becoming a major feature of 5G and 6G networks because conventional IT infrastructure cannot efficiently handle latency-sensitive data. DetNet applies flow virtualization to satisfy time-critical flow requirements, but DetNet flows and conventional flows inevitably interact and interfere with each other when sharing the same physical resources. This raises a hybrid DDoS security issue: high-volume malicious traffic attacks not only the DetNet centralized controller itself but also the links that DetNet flows pass through. Previous research focused on DDoS against either the centralized controller side or the link side. As DDoS attack techniques evolve, Hybrid DDoS attacks can attack multiple targets (controllers or links) simultaneously, which makes them difficult to detect with previous DDoS detection methodologies. This study therefore proposes the Flow Differentiation Detector (FDD), a novel approach to detecting Hybrid DDoS attacks. The FDD first applies a fuzzy-based mechanism, Target Link Selection, to determine the most valuable links for the DDoS link/server attacker and then statistically evaluates the traffic pattern flowing through these links. A further contribution of this study is the deployment of the FDD in the SDN controller OpenDayLight to implement a Hybrid DDoS attack detection system. The experimental results show that the FDD achieves higher detection accuracy (above 90%) than traditional methods under different ratios of Hybrid DDoS attacks and different types and scales of topology.

Highlights

  • As the 5th Generation (5G) of mobile communication promoted telecommunication technologies across different domains and achieved initial success, the 3rd-Generation Partnership Project (3GPP) began investigating advanced features to pave the way for The Deterministic Network (DetNet) transforms time-critical flows into Deterministic Flows (DetNet Flows) and enables guaranteed bandwidth, latency, and corresponding features, which are germane to transport time-sensitive data

  • The Flow Differentiation Detector (FDD) observes two common characteristics of the Server Exhausted Attack (SEA) and Link Flooding Attack (LFA): (1) they must traverse through the target links, and

  • Proposed Method Flow Differentiation Detector behaviors generated from the SEA and LFA, the hybrid attack detector is suggested to adopt

Summary

Introduction

As the 5th Generation (5G) of mobile communication promoted telecommunication technologies across different domains and achieved initial success, the 3rd-Generation Partnership Project (3GPP) began investigating advanced features to pave the way for The DetNet transforms time-critical flows into Deterministic Flows (DetNet Flows) and enables guaranteed bandwidth, latency, and corresponding features, which are germane to transport time-sensitive data. This section describes the various types of DDoS attacks, including SEAs, LFAs, and hybrid attacks, and the corresponding detection methods. SEAs exploit server vulnerability and generate a large number of requests to quickly exhaust the targeted server’s resources. In SYN flooding attacks, TCP connections are transmitted but ACK packets are not returned, causing the server to store all these requests and, eventually, run out of resources. Reference [8] calculates the number of SYN packets collected by a server and analyzes the response rate of an ACK packet, thereby representing the level of internal server resource damage. Entropy represents the degree of concentration of information under a SEA, and a large number of centralized nodes request the target server. Reference [11] uses Network Function Virtualization (NFV) to design a dynamic resource allocation mechanism to detect attacks
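The two SEA indicators described above (SYN count with ACK response rate per server, and entropy as a measure of traffic concentration) can be combined as in the following added example, which is not code from the paper or from references [8] and [11]. The record format, addresses, thresholds and the choice of destination-address entropy are assumptions made for illustration.

```python
import math
from collections import Counter

def build_window(attack=True):
    """Constructed sample of (src, dst, flag) handshake records; not real traffic."""
    pkts = []
    for i in range(20):  # benign clients complete handshakes with three servers
        dst = f"10.0.0.{1 + i % 3}"
        pkts += [(f"192.0.2.{i}", dst, "SYN"), (f"192.0.2.{i}", dst, "ACK")]
    if attack:           # SEA-like: 200 SYNs to one server, final ACK never sent
        pkts += [(f"198.51.100.{i}", "10.0.0.9", "SYN") for i in range(200)]
    return pkts

def ack_response_rate(pkts):
    """Per server: (SYNs received, ratio of handshake-completing ACKs to SYNs)."""
    syn, ack = Counter(), Counter()
    for _, dst, flag in pkts:
        if flag == "SYN":
            syn[dst] += 1
        elif flag == "ACK":
            ack[dst] += 1
    return {d: (syn[d], ack[d] / syn[d]) for d in syn}

def dst_entropy(pkts):
    """Normalized Shannon entropy of destinations; values near 0 mean the
    window's traffic is concentrated on very few servers."""
    counts = Counter(dst for _, dst, _ in pkts)
    if len(counts) < 2:
        return 0.0
    total = sum(counts.values())
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))

def detect(pkts, min_syn=100, max_rate=0.2, max_entropy=0.8):
    """Flag servers with many SYNs, few completing ACKs, in a concentrated window.
    Thresholds are assumed values, to be tuned against a traffic baseline."""
    if dst_entropy(pkts) >= max_entropy:
        return []
    return sorted(d for d, (n, r) in ack_response_rate(pkts).items()
                  if n >= min_syn and r <= max_rate)

if __name__ == "__main__":
    window = build_window()
    print("entropy:", round(dst_entropy(window), 3))
    print("suspected SEA targets:", detect(window))
```

Requiring both signals keeps a single busy but healthy server (high SYN count, high ACK rate) from being flagged on volume alone.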
