
Cross-layer detection and defence mechanism against DDoS and DRDoS attacks in software-defined networks using P4 switches

Published: 01 August 2024

Abstract

This paper presents a comprehensive system for detecting and defending against distributed denial-of-service (DDoS) and distributed reflective denial-of-service (DRDoS) flood attacks in software-defined networking (SDN) environments using Programming Protocol-Independent Packet Processors (P4). The proposed system introduces a hybrid intrusion statistical threshold algorithm (HISTA) that analyzes intrusion data statistics to identify potential malicious attacks. Upon detection, the system utilises P4 programmability to implement a custom defence mechanism on the P4 switch. A novel Uruk protocol header collaborates with HISTA for enhanced cross-layer attack detection and categorisation. The HISTA-Uruk mechanism selectively discards malicious packets while ensuring uninterrupted communication for legitimate packets, effectively preventing DDoS/DRDoS attacks. Extensive experiments validate the system’s ability to efficiently detect and thwart various DDoS, DRDoS, and internal attacks, demonstrating its effectiveness in identifying threats and restoring impacted network connections across diverse attack scenarios.


Highlights

The proposed HISTA accurately detects network attacks using intrusion statistics.
The Uruk protocol header is introduced and collaborates with HISTA in P4-based SDNs.
Extensive experimentation validates the efficacy of the HISTA-Uruk mechanism.

Published in: Computers and Electrical Engineering, Volume 118, Issue PA (Aug 2024), 1425 pages
Publisher: Pergamon Press, Inc., United States

Author tags

1. DDoS attack
2. DRDoS attack
3. Software-defined network
4. Intrusion detection
5. Network security