Real-Time Detection and Mitigation of LDoS Attacks in the SDN Using the HGB-FP Algorithm

Abstract

The software-defined network (SDN) has created the conditions for the optimization and development of network structures. However, its architecture is still not sufficient to resist or identify all denial of service (DoS) attacks, such as low-rate DoS (LDoS) attacks. Due to their low transporting rate and flash-crowd-like nature, LDoS attacks are well hidden in the background traffic and difficult to identify by anti-DoS mechanisms in the SDN. By implementing LDoS attacks in the SDN, we confirm that they can severely degrade the quality of service. We further propose a framework based on the histogram-based gradient boosting and finding peaks (HGB-FP) algorithm to detect LDoS attacks and mitigate their influence in the SDN in real-time. The histogram-based gradient boosting (HGB) algorithm, an ensemble learning with high quality and low complexity, can identify LDoS attacks quickly and accurately. The finding peaks (FP) algorithm locates the attacker via peak properties of the flow and installs flow rules on the switches to drop the attack flows. Experiments prove that our framework has higher accuracy and F-measure in identifying LDoS attacks than other machine learning approaches and mitigates the impact of LDoS attacks on bottleneck links in the SDN within seconds on average.