TY - GEN
T1 - On an Integrated Security Framework for Defense Against Various DDoS Attacks in SDN
AU - Wu, Hao
AU - Hou, Aiqin
AU - Nie, Weike
AU - Wu, Chase
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - As a new network paradigm, software-defined networking (SDN) technology has been increasingly adopted. Unfortunately, SDN-enabled networks are more prone to threats from DDoS attacks than traditional networks due to the nature of centralized management. We propose an integrated defense framework to detect and mitigate various types of DDoS attacks in SDN-enabled networks. The proposed framework deploys two technical modules in the control plane of SDN for defending against high-rate and low-rate DDoS attacks, respectively. The former module consists of three components, which watch out for suspicious traffic, detect attacks using ensemble learning, and intercept malicious packets, respectively. The latter module is designed specifically to defend against the Slow Ternary Content Addressable Memory (TCAM) exhaustion attack (Slow-TCAM) using a new Alleviative Threat for TCAM (ATFT) algorithm. The proposed framework is implemented and tested in simulated networks using Mininet and further evaluated on the CICDDoS2019 dataset. Experimental results illustrate the superior performance of the proposed framework in defending against different types of DDoS attacks in comparison with other state-of-the-art algorithms.
AB - As a new network paradigm, software-defined networking (SDN) technology has been increasingly adopted. Unfortunately, SDN-enabled networks are more prone to threats from DDoS attacks than traditional networks due to the nature of centralized management. We propose an integrated defense framework to detect and mitigate various types of DDoS attacks in SDN-enabled networks. The proposed framework deploys two technical modules in the control plane of SDN for defending against high-rate and low-rate DDoS attacks, respectively. The former module consists of three components, which watch out for suspicious traffic, detect attacks using ensemble learning, and intercept malicious packets, respectively. The latter module is designed specifically to defend against the Slow Ternary Content Addressable Memory (TCAM) exhaustion attack (Slow-TCAM) using a new Alleviative Threat for TCAM (ATFT) algorithm. The proposed framework is implemented and tested in simulated networks using Mininet and further evaluated on the CICDDoS2019 dataset. Experimental results illustrate the superior performance of the proposed framework in defending against different types of DDoS attacks in comparison with other state-of-the-art algorithms.
KW - Slow-TCAM attack
KW - Software-Defined Networking
KW - attack defense
KW - high-rate DDoS attack
KW - low-rate DDoS attack
UR - http://www.scopus.com/inward/record.url?scp=85151997187&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85151997187&partnerID=8YFLogxK
U2 - 10.1109/ICNC57223.2023.10074226
DO - 10.1109/ICNC57223.2023.10074226
M3 - Conference contribution
AN - SCOPUS:85151997187
T3 - 2023 International Conference on Computing, Networking and Communications, ICNC 2023
SP - 311
EP - 317
BT - 2023 International Conference on Computing, Networking and Communications, ICNC 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2023 International Conference on Computing, Networking and Communications, ICNC 2023
Y2 - 20 February 2023 through 22 February 2023
ER -