A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Keeping Internet users protected from cyberattacks and other threats is one of the most prominent security challenges for network operators today. Among other critical threats, distributed denial-of-service (DDoS) has become one of the most widespread attacks on the Internet, and it is very challenging to mitigate appropriately because DDoS attacks cause the system to stop working through resource exhaustion. Software-defined networking (SDN) has recently emerged as a new networking technology offering unprecedented programmability that allows network operators to configure and manage their infrastructures dynamically. The flexible processing and centralized management of the SDN controller make it possible to deploy complex security algorithms and mitigation methods flexibly. In this paper, we propose a novel DDoS attack mitigation scheme in SDN-based Internet Service Provider (ISP) networks for TCP-SYN and ICMP flood attacks using machine learning approaches, i.e., K-Nearest-Neighbor (KNN) and XGBoost. By deploying a testbed, we implement the proposed algorithms, evaluate their accuracy, and address the trade-off between accuracy and mitigation efficiency. Through extensive experiments, the results show that the algorithms can efficiently mitigate the attack by over 98.0% while benign traffic is not affected.
