Visible to the public Biblio

Filters: Keyword is distributed denial of service attacks  [Clear All Filters]
2022-04-13
Govindaraj, Logeswari, Sundan, Bose, Thangasamy, Anitha.  2021.  An Intrusion Detection and Prevention System for DDoS Attacks using a 2-Player Bayesian Game Theoretic Approach. 2021 4th International Conference on Computing and Communications Technologies (ICCCT). :319—324.

Distributed Denial-of-Service (DDoS) attacks pose a huge risk to the network and threaten its stability. A game theoretic approach for intrusion detection and prevention is proposed to avoid DDoS attacks in the internet. Game theory provides a control mechanism that automates the intrusion detection and prevention process within a network. In the proposed system, system-subject interaction is modeled as a 2-player Bayesian signaling zero sum game. The game's Nash Equilibrium gives a strategy for the attacker and the system such that neither can increase their payoff by changing their strategy unilaterally. Moreover, the Intent Objective and Strategy (IOS) of the attacker and the system are modeled and quantified using the concept of incentives. In the proposed system, the prevention subsystem consists of three important components namely a game engine, database and a search engine for computing the Nash equilibrium, to store and search the database for providing the optimum defense strategy. The framework proposed is validated via simulations using ns3 network simulator and has acquired over 80% detection rate, 90% prevention rate and 6% false positive alarms.

2022-02-22
Kumar, S. Ratan, Kumari, V. Valli, Raju, K. V. S. V. N..  2021.  Multi-Core Parallel Processing Technique to Prepare the Time Series Data for the Early Detection of DDoS Flooding Attacks. 2021 8th International Conference on Computing for Sustainable Global Development (INDIACom). :540—545.
Distributed Denial of Service (DDoS) attacks pose a considerable threat to Cloud Computing, Internet of Things (IoT) and other services offered on the Internet. The victim server receives terabytes of data per second during the DDoS attack. It may take hours to examine them to detect a potential threat, leading to denial of service to legitimate users. Processing vast volumes of traffic to mitigate the attack is a challenging task for network administrators. High-performance techniques are more suited for processing DDoS attack traffic compared to Sequential Processing Techniques. This paper proposes a Multi-Core Parallel Processing Technique to prepare the time series data for the early detection of DDoS flooding attacks. Different time series analysis methods are suggested to detect the attack early on. Producing time series data using parallel processing saves time and further speeds up the detection of the attack. The proposed method is applied to the benchmark data set CICDDoS2019 for generating four different time series to detect TCP-based flooding attacks, namely TCP-SYN, TCP-SYN-ACK, TCP-ACK, and TCP-RST. The implementation results show that the proposed method can give a speedup of 2.3 times for processing attack traffic compared to sequential processing.
2021-02-16
Başkaya, D., Samet, R..  2020.  DDoS Attacks Detection by Using Machine Learning Methods on Online Systems. 2020 5th International Conference on Computer Science and Engineering (UBMK). :52—57.
DDoS attacks impose serious threats to many large or small organizations; therefore DDoS attacks have to be detected as soon as possible. In this study, a methodology to detect DDoS attacks is proposed and implemented on online systems. In the scope of the proposed methodology, Multi Layer Perceptron (MLP), Random Forest (RF), K-Nearest Neighbor (KNN), C-Support Vector Machine (SVC) machine learning methods are used with scaling and feature reduction preprocessing methods and then effects of preprocesses on detection accuracy rates of HTTP (Hypertext Transfer Protocol) flood, TCP SYN (Transport Control Protocol Synchronize) flood, UDP (User Datagram Protocol) flood and ICMP (Internet Control Message Protocol) flood DDoS attacks are analyzed. Obtained results showed that DDoS attacks can be detected with high accuracy of 99.2%.
Zhai, P., Song, Y., Zhu, X., Cao, L., Zhang, J., Yang, C..  2020.  Distributed Denial of Service Defense in Software Defined Network Using OpenFlow. 2020 IEEE/CIC International Conference on Communications in China (ICCC). :1274—1279.
Software Defined Network (SDN) is a new type of network architecture solution, and its innovation lies in decoupling traditional network system into a control plane, a data plane, and an application plane. It logically implements centralized control and management of the network, and SDN is considered to represent the development trend of the network in the future. However, SDN still faces many security challenges. Currently, the number of insecure devices is huge. Distributed Denial of Service (DDoS) attacks are one of the major network security threats.This paper focuses on the detection and mitigation of DDoS attacks in SDN. Firstly, we explore a solution to detect DDoS using Renyi entropy, and we use exponentially weighted moving average algorithm to set a dynamic threshold to adapt to changes of the network. Second, to mitigate this threat, we analyze the historical behavior of each source IP address and score it to determine the malicious source IP address, and use OpenFlow protocol to block attack source.The experimental results show that the scheme studied in this paper can effectively detect and mitigate DDoS attacks.
2020-11-02
Siddiqui, Abdul Jabbar, Boukerche, Azzedine.  2018.  On the Impact of DDoS Attacks on Software-Defined Internet-of-Vehicles Control Plane. 2018 14th International Wireless Communications Mobile Computing Conference (IWCMC). :1284—1289.

To enhance the programmability and flexibility of network and service management, the Software-Defined Networking (SDN) paradigm is gaining growing attention by academia and industry. Motivated by its success in wired networks, researchers have recently started to embrace SDN towards developing next generation wireless networks such as Software-Defined Internet of Vehicles (SD-IoV). As the SD-IoV evolves, new security threats would emerge and demand attention. And since the core of the SD-IoV would be the control plane, it is highly vulnerable to Distributed Denial of Service (DDoS) Attacks. In this work, we investigate the impact of DDoS attacks on the controllers in a SD-IoV environment. Through experimental evaluations, we highlight the drastic effects DDoS attacks could have on a SD-IoV in terms of throughput and controller load. Our results could be a starting point to motivate further research in the area of SD-IoV security and would give deeper insights into the problems of DDoS attacks on SD-IoV.

2020-09-11
Mendes, Lucas D.P., Aloi, James, Pimenta, Tales C..  2019.  Analysis of IoT Botnet Architectures and Recent Defense Proposals. 2019 31st International Conference on Microelectronics (ICM). :186—189.
The rise in the number of devices joining the Internet of Things (IoT) has created a huge potential for distributed denial of service (DDoS) attacks, especially due to the lack of security in these computationally limited devices. Malicious actors have realized that and managed to turn large sets of IoT devices into botnets under their control. Given this scenario, this work studies botnet architectures identified so far and assesses how they are considered in the few recent defense proposals that consider botnet architectures.
2020-08-24
Islam, Chadni, Babar, Muhammad Ali, Nepal, Surya.  2019.  An Ontology-Driven Approach to Automating the Process of Integrating Security Software Systems. 2019 IEEE/ACM International Conference on Software and System Processes (ICSSP). :54–63.

A wide variety of security software systems need to be integrated into a Security Orchestration Platform (SecOrP) to streamline the processes of defending against and responding to cybersecurity attacks. Lack of interpretability and interoperability among security systems are considered the key challenges to fully leverage the potential of the collective capabilities of different security systems. The processes of integrating security systems are repetitive, time-consuming and error-prone; these processes are carried out manually by human experts or using ad-hoc methods. To help automate security systems integration processes, we propose an Ontology-driven approach for Security OrchestrAtion Platform (OnSOAP). The developed solution enables interpretability, and interoperability among security systems, which may exist in operational silos. We demonstrate OnSOAP's support for automated integration of security systems to execute the incident response process with three security systems (Splunk, Limacharlie, and Snort) for a Distributed Denial of Service (DDoS) attack. The evaluation results show that OnSOAP enables SecOrP to interpret the input and output of different security systems, produce error-free integration details, and make security systems interoperable with each other to automate and accelerate an incident response process.

2020-06-29
Blazek, Petr, Gerlich, Tomas, Martinasek, Zdenek.  2019.  Scalable DDoS Mitigation System. 2019 42nd International Conference on Telecommunications and Signal Processing (TSP). :617–620.
Distributed Denial of Service attacks (DDoS) are used by attackers for their effectiveness. This type of attack is one of the most devastating attacks in the Internet. Every year, the intensity of DDoS attacks increases and attackers use sophisticated multi-target DDoS attacks. In this paper, a modular system that allows to increase the filtering capacity linearly and allows to protect against the combination of DDoS attacks is designed and implemented. The main motivation for development of the modular filtering system was to find a cheap solution for filtering DDoS attacks with possibility to increase filtering capacity. The proposed system is based on open-source detection and filtration tools.
Xuanyuan, Ming, Ramsurrun, Visham, Seeam, Amar.  2019.  Detection and Mitigation of DDoS Attacks Using Conditional Entropy in Software-defined Networking. 2019 11th International Conference on Advanced Computing (ICoAC). :66–71.
Software-defined networking (SDN) is a relatively new technology that promotes network revolution. The most distinct characteristic of SDN is the transformation of control logic from the basic packet forwarding equipment to a centralized management unit called controller. However, the centralized control of the network resources is like a double-edged sword, for it not only brings beneficial features but also introduces single point of failure if the controller is under distributed denial of service (DDoS) attacks. In this paper, we introduce a light-weight approach based on conditional entropy to improve the SDN security with an aim of defending DDoS at the early stage. The experimental results show that the proposed method has a high average detection rate of 99.372%.
Daneshgadeh, Salva, Ahmed, Tarem, Kemmerich, Thomas, Baykal, Nazife.  2019.  Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance. 2019 22nd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN). :222–229.
The growing number of internet based services and applications along with increasing adoption rate of connected wired and wireless devices presents opportunities as well as technical challenges and threads. Distributed Denial of Service (DDoS) attacks have huge devastating effects on internet enabled services. It can be implemented diversely with a variety of tools and codes. Therefore, it is almost impossible to define a single solution to prevent DDoS attacks. The available solutions try to protect internet services from DDoS attacks, but there is no accepted best-practice yet to this security breach. On the other hand, distinguishing DDoS attacks from analogous Flash Events (FEs) wherein huge number of legitimate users try to access a specific internet based services and applications is a tough challenge. Both DDoS attacks and FEs result in unavailability of service, but they should be treated with different countermeasures. Therefore, it is worthwhile to investigate novel methods which can detect well disguising DDoS attacks from similar FE traffic. This paper will contribute to this topic by proposing a hybrid DDoS and FE detection scheme; taking 3 isolated approaches including Kernel Online Anomaly Detection (KOAD), Shannon Entropy and Mahalanobis Distance. In this study, Shannon entropy is utilized with an online machine learning technique to detect abnormal traffic including DDoS attacks and FE traffic. Subsequently, the Mahalanobis distance metric is employed to differentiate DDoS and FE traffic. the purposed method is validated using simulated DDoS attacks, real normal and FE traffic. The results revealed that the Mahalanobis distance metric works well in combination with machine learning approach to detect and discriminate DDoS and FE traffic in terms of false alarms and detection rate.
Das, Saikat, Mahfouz, Ahmed M., Venugopal, Deepak, Shiva, Sajjan.  2019.  DDoS Intrusion Detection Through Machine Learning Ensemble. 2019 IEEE 19th International Conference on Software Quality, Reliability and Security Companion (QRS-C). :471–477.
Distributed Denial of Service (DDoS) attacks have been the prominent attacks over the last decade. A Network Intrusion Detection System (NIDS) should seamlessly configure to fight against these attackers' new approaches and patterns of DDoS attack. In this paper, we propose a NIDS which can detect existing as well as new types of DDoS attacks. The key feature of our NIDS is that it combines different classifiers using ensemble models, with the idea that each classifier can target specific aspects/types of intrusions, and in doing so provides a more robust defense mechanism against new intrusions. Further, we perform a detailed analysis of DDoS attacks, and based on this domain-knowledge verify the reduced feature set [27, 28] to significantly improve accuracy. We experiment with and analyze NSL-KDD dataset with reduced feature set and our proposed NIDS can detect 99.1% of DDoS attacks successfully. We compare our results with other existing approaches. Our NIDS approach has the learning capability to keep up with new and emerging DDoS attack patterns.
Wehbi, Khadijeh, Hong, Liang, Al-salah, Tulha, Bhutta, Adeel A.  2019.  A Survey on Machine Learning Based Detection on DDoS Attacks for IoT Systems. 2019 SoutheastCon. :1–6.
Internet of Things (IoT) is transforming the way we live today, improving the quality of living standard and growing the world economy by having smart devices around us making decisions and performing our daily tasks and chores. However, securing the IoT system from malicious attacks is a very challenging task. Some of the most common malicious attacks are Denial of service (DoS), and Distributed Denial of service (DDoS) attacks, which have been causing major security threats to all networks and specifically to limited resource IoT devices. As security will always be a primary factor for enabling most IoT applications, developing a comprehensive detection method that effectively defends against DDoS attacks and can provide 100% detection for DDoS attacks in IoT is a primary goal for the future of IoT. The development of such a method requires a deep understanding of the methods that have been used thus far in the detection of DDoS attacks in the IoT environment. In our survey, we try to emphasize some of the most recent Machine Learning (ML) approaches developed for the detection of DDoS attacks in IoT networks along with their advantage and disadvantages. Comparison between the performances of selected approaches is also provided.
Sun, Wenwen, Li, Yi, Guan, Shaopeng.  2019.  An Improved Method of DDoS Attack Detection for Controller of SDN. 2019 IEEE 2nd International Conference on Computer and Communication Engineering Technology (CCET). :249–253.
For controllers of Software Defined Network (SDN), Distributed Denial of Service (DDoS) attacks are still the simplest and most effective way to attack. Aiming at this problem, a real-time DDoS detection attack method for SDN controller is proposed. The method first uses the entropy to detect whether the flow is abnormal. After the abnormal warning is issued, the flow entry of the OpenFlow switch is obtained, and the DDoS attack feature in the SDN environment is analyzed to extract important features related to the attack. The BiLSTM-RNN neural network algorithm is used to train the data set, and the BiLSTM model is generated to classify the real-time traffic to realize the DDoS attack detection. Experiments show that, compared with other methods, this method can efficiently implement DDoS attack traffic detection and reduce controller overhead in SDN environment.
2020-06-08
van den Berg, Eric, Robertson, Seth.  2019.  Game-Theoretic Planning to Counter DDoS in NEMESIS. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :1–6.
NEMESIS provides powerful and cost-effective defenses against extreme Distributed Denial of Service (DDos) attacks through a number of network maneuvers. However, selection of which maneuvers to deploy when and with what parameters requires great care to achieve optimal outcomes in the face of overwhelming attack. Analytical wargaming allows game theoretic optimal Courses of Action (COA) to be created real-time during live operations, orders of magnitude faster than packet-level simulation and with equivalent outcomes to even expert human hand-crafted COAs.
2020-06-01
Luo, Xupeng, Yan, Qiao, Wang, Mingde, Huang, Wenyao.  2019.  Using MTD and SDN-based Honeypots to Defend DDoS Attacks in IoT. 2019 Computing, Communications and IoT Applications (ComComAp). :392–395.
With the rapid development of Internet of Things (IoT), distributed denial of service (DDoS) attacks become the important security threat of the IoT. Characteristics of IoT, such as large quantities and simple function, which have easily caused the IoT devices or servers to be attacked and be turned into botnets for launching DDoS attacks. In this paper, we use software-defined networking (SDN) to develop moving target defense (MTD) architecture that increases uncertainty because of ever changing attack surface. In addition, we deploy SDN-based honeypots to mimic IoT devices, luring attackers and malwares. Finally, experimental results show that combination of MTD and SDN-based honeypots can effectively hide network asset from scanner and defend against DDoS attacks in IoT.
2020-04-13
Lange, Thomas, Kettani, Houssain.  2019.  On Security Threats of Botnets to Cyber Systems. 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN). :176–183.
As the dynamics of cyber warfare continue to change, it is very important to be aware of the issues currently confronting cyberspace. One threat which continues to grow in the danger it poses to cyber security are botnets. Botnets can launch massive Distributed Denial of Service (DDoS) attacks against internet connected hosts anonymously, undertake intricate spam campaigns, launch mass financial fraud campaigns, and even manipulate public opinion via social media bots. The network topology and technology undergirding each botnet varies greatly, as do the motivations commonly behind such networks. Furthermore, as botnets have continued to evolve, many newer ones demonstrate increased levels of anonymity and sophistication, making it more difficult to effectively counter them. Increases in the production of vulnerable Internet of Things (IoT) devices has made it easier for malicious actors to quickly assemble sizable botnets. Because of this, the steps necessary to stop botnets also vary, and in some cases, it may be extremely difficult to effectively defeat a fully functional and sophisticated botnet. While in some cases, the infrastructure supporting the botnet can be targeted and remotely disabled, other cases require the physical assistance of law enforcement to shut down the botnet. In the latter case, it is often a significant challenge to cheaply end a botnet. On the other hand, there are many steps and mitigations that can be taken by end-users to prevent their own devices from becoming part of a botnet. Many of these solutions involve implementing basic cybersecurity practices like installing firewalls and changing default passwords. More sophisticated botnets may require similarly sophisticated intrusion detection systems, to detect and remove malicious infections. Much research has gone into such systems and in recent years many researchers have begun to implement machine learning techniques to defeat botnets. This paper is intended present a review on botnet evolution, trends and mitigations, and offer related examples and research to provide the reader with quick access to a broad understanding of the issues at hand.
2020-03-23
Alaoui, Sadek Belamfedel, El Houssaine, Tissir, Noreddine, Chaibi.  2019.  Modelling, analysis and design of active queue management to mitigate the effect of denial of service attack in wired/wireless network. 2019 International Conference on Wireless Networks and Mobile Communications (WINCOM). :1–7.
Mitigating the effect of Distributed Denial of Service (DDoS) attacks in wired/wireless networks is a problem of extreme importance. The present paper investigates this problem and proposes a secure AQM to encounter the effects of DDoS attacks on queue's router. The employed method relies on modelling the TCP/AQM system subjected to different DoS attack rate where the resulting closed-loop system is expressed as new Markovian Jump Linear System (MJLS). Sufficient delay-dependent conditions which guarantee the syntheses of a stabilizing control for the closed-loop system with a guaranteed cost J* are derived. Finally, a numerical example is displayed.
Triantopoulou, Stamatia, Papanikas, Dimitrios, Kotzanikolaou, Panayiotis.  2019.  An Experimental Analysis of Current DDoS attacks Based on a Provider Edge Router Honeynet. 2019 10th International Conference on Information, Intelligence, Systems and Applications (IISA). :1–5.

This paper presents an experimental analysis of current Distributed Denial of Service attacks. Our analysis is based on real data collected by a honeynet system that was installed on an ISP edge router, for a four-month period. In the examined scenario, we identify and analyze malicious activities based on packets captured and analyzed by a network protocol sniffer and signature-based attack analysis tools. Our analysis shows that IoT-based DDoS attacks are one of the latest and most proliferating attack trends in network security. Based on the analysis of the attacks, we describe some mitigation techniques that can be applied at the providers' network to mitigate the trending attack vectors.

2019-12-18
Shafi, Qaisar, Basit, Abdul.  2019.  DDoS Botnet Prevention Using Blockchain in Software Defined Internet of Things. 2019 16th International Bhurban Conference on Applied Sciences and Technology (IBCAST). :624-628.

Distributed Denial of Service (DDoS) attacks have two defense perspectives firstly, to defend your network, resources and other information assets from this disastrous attack. Secondly, to prevent your network to be the part of botnet (botforce) bondage to launch attacks on other networks and resources mainly be controlled from a control center. This work focuses on the development of a botnet prevention system for Internet of Things (IoT) that uses the benefits of both Software Defined Networking (SDN) and Distributed Blockchain (DBC). We simulate and analyze that using blockchain and SDN, how can detect and mitigate botnets and prevent our devices to play into the hands of attackers.

Kim, Kyoungmin, You, Youngin, Park, Mookyu, Lee, Kyungho.  2018.  DDoS Mitigation: Decentralized CDN Using Private Blockchain. 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). :693–696.
Distributed Denial of Service (DDoS) attacks are intense and are targeted to major infrastructure, governments and military organizations in each country. There are a lot of mitigations about DDoS, and the concept of Content Delivery Network (CDN) has been able to avoid attacks on websites. However, since the existing CDN system is fundamentally centralized, it may be difficult to prevent DDoS. This paper describes the distributed CDN Schema using Private Blockchain which solves the problem of participation of existing transparent and unreliable nodes. This will explain DDoS mitigation that can be used by military and government agencies.
Lawal, Babatunde Hafis, Nuray, A. T..  2018.  Real-time detection and mitigation of distributed denial of service (DDoS) attacks in software defined networking (SDN). 2018 26th Signal Processing and Communications Applications Conference (SIU). :1–4.
The emergence of Software Defined Network (SDN) and its promises in networking technology has gotten every stakeholder excited. However, it is believed that every technological development comes with its own challenges of which the most prominent in this case is security. This paper presents a real time detection of the distributed denial of service (DDoS) attacks on the SDN and a control method based on the sFlow mitigation technology. sFlow analyses samples of packets collected from the network traffic and generates handling rules to be sent to the controller in case of an attack detection. The implementation was done by emulating the network in Mininet which runs on a Virtual Machine (VM) and it was shown that the proposed method effectively detects and mitigates DDoS attacks.
Guleria, Charu, Verma, Harsh Kumar.  2018.  Improved Detection and Mitigation of DDoS Attack in Vehicular ad hoc Network. 2018 4th International Conference on Computing Communication and Automation (ICCCA). :1–4.
Vehicular ad hoc networks (VANETs) are eminent type of Mobile ad hoc Networks. The network created in VANETs is quite prone to security problem. In this work, a new mechanism is proposed to study the security of VANETs against DDoS attack. The proposed mechanism focuses on distributed denial of service attacks. The main idea of the paper is to detect the DDoS attack and mitigate it. The work consists of two stages, initially attack topology and network congestion is created. The second stage is to detect and mitigate the DDoS attack. The existing method is compared with the proposed method for mitigating DDoS attacks in VANETs. The existing solutions presented by the various researchers are also compared and analyzed. The solution for such kind of problem is provided which is used to detect and mitigate DDoS attack by using greedy approach. The network environment is created using NS-2. The results of simulation represent that the proposed approach is better in the terms of network packet loss, routing overhead and network throughput.
2019-11-26
Tapsell, James, Naeem Akram, Raja, Markantonakis, Konstantinos.  2018.  An Evaluation of the Security of the Bitcoin Peer-To-Peer Network. 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). :1057-1062.

Underpinning the operation of Bitcoin is a peer-to-peer (P2P) network [1] that facilitates the execution of transactions by end users, as well as the transaction confirmation process known as bitcoin mining. The security of this P2P network is vital for the currency to function and subversion of the underlying network can lead to attacks on bitcoin users including theft of bitcoins, manipulation of the mining process and denial of service (DoS). As part of this paper the network protocol and bitcoin core software are analysed, with three bitcoin message exchanges (the connection handshake, GETHEADERS/HEADERS and MEMPOOL/INV) found to be potentially vulnerable to spoofing and use in distributed denial of service (DDoS) attacks. Possible solutions to the identified weaknesses and vulnerabilities are evaluated, such as the introduction of random nonces into network messages exchanges.

2019-05-01
Pillutla, H., Arjunan, A..  2018.  A Brief Review of Fuzzy Logic and Its Usage Towards Counter-Security Issues. 2018 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). :1-6.

Nowadays, most of the world's population has become much dependent on computers for banking, healthcare, shopping, and telecommunication. Security has now become a basic norm for computers and its resources since it has become inherently insecure. Security issues like Denial of Service attacks, TCP SYN Flooding attacks, Packet Dropping attacks and Distributed Denial of Service attacks are some of the methods by which unauthorized users make the resource unavailable to authorized users. There are several security mechanisms like Intrusion Detection System, Anomaly detection and Trust model by which we can be able to identify and counter the abuse of computer resources by unauthorized users. This paper presents a survey of several security mechanisms which have been implemented using Fuzzy logic. Fuzzy logic is one of the rapidly developing technologies, which is used in a sophisticated control system. Fuzzy logic deals with the degree of truth rather than the Boolean logic, which carries the values of either true or false. So instead of providing only two values, we will be able to define intermediate values.

2019-02-13
Rashidi, B., Fung, C., Rahman, M..  2018.  A scalable and flexible DDoS mitigation system using network function virtualization. NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium. :1–6.
Distributed Denial of Service (DDoS) attacks remain one of the top threats to enterprise networks and ISPs nowadays. It can cause tremendous damage by bringing down online websites or services. Existing DDoS defense solutions either brings high cost such as upgrading existing firewall or IPS, or bring excessive traffic delay by using third-party cloud-based DDoS filtering services. In this work, we propose a DDoS defense framework that utilizes Network Function Virtualization (NFV) architecture to provide low cost and highly flexible solutions for enterprises. In particular, the system uses virtual network agents to perform attack traffic filtering before they are forwarded to the target server. Agents are created on demand to verify the authenticity of the source of packets, and drop spoofed packets in order protect the target server. Furthermore, we design a scalable and flexible dispatcher to forward packets to corresponding agents for processing. A bucket-based forwarding mechanism is used to improve the scalability of the dispatcher through batching forwarding. The dispatcher can also adapt to agent addition and removal. Our simulation results demonstrate that the dispatcher can effectively serve a large volume of traffic with low dropping rate. The system can successfully mitigate SYN flood attack by introducing minimal performance degradation to legitimate traffic.