Marinos Dimolianis scite author profile

Distributed Denial of Service (DDoS) mitigation typically relies on source IP-based filtering rules; these may present scaling issues due to the vast amount of involved sources. By contrast, we propose a source IP-agnostic DDoS traffic classification and filtering schema that identifies malicious packet signatures via supervised Machine Learning methods and subsequently generates signature-based filtering rules. To accelerate packet processing, our schema utilizes XDP middleboxes operating as programmable Deep Packet Inspectors. Signatures are extracted from network traffic as unique combinations of the most significant packet features; these are subsequently fed to supervised Machine Learning algorithms that classify them as malicious or benign. Malicious signatures undergo a reduction process tailored to the attack vector in order to generate a concise set of filtering rules, thus expediting mitigation performance. Our schema was implemented as a proof-of-concept and evaluated for DNS volumetric attacks in terms of signature classification accuracy and packet filtering throughput. Experiments were based on benign and malicious traffic datasets recorded in production network environments. Our approach was compared to source-based mechanisms in terms of (i) malicious traffic identification, (ii) filtering rules cardinality, and (iii) packet processing throughput required in modern high speed networks. The experimental results demonstrate that our signature-based approach outperforms IP-based alternatives, achieving high detection accuracy and significant generalization capabilities.

show abstract

Orchestrating DDoS mitigation via blockchain-based network provider collaborations

Pavlidis

Dimolianis

Giotis

et al. 2020

The Knowledge Engineering Review

View full text Add to dashboard Cite

Network providers either attempt to handle massive distributed denial-of-service attacks themselves or redirect traffic to third-party scrubbing centers. If providers adopt the first option, it is sensible to counter such attacks in their infancy via provider collaborations deploying distributed security mechanisms across multiple domains in an attack path. This motivated our work presented in this paper. Specifically, we investigate the establishment of trusted federations among adjacent and disjoint network domains, that is, autonomous systems (ASes) that collectively mitigate malicious traffic. Our approach is based on Distributed Ledger Technologies for signaling, coordination, and orchestration of a collaborative mitigation schema via appropriate blockchain-based smart contracts. Reputation scores are used to rank ASes based on their mitigation track record. The allocation of defense resources across multiple collaborators is modeled as a combinatorial optimization problem considering reputation scores and network flow weights. Malicious flows are mitigated using programmable network data paths within the eXpress Data Path (XDP) framework; this enables operators with enhanced packet processing throughput and advanced filtering flexibility. Our schema was implemented in a proof-of-concept prototype and tested under realistic network conditions.

show abstract

SYN Flood Attack Detection and Mitigation using Machine Learning Traffic Classification and Programmable Data Plane Filtering

Dimolianis

Pavlidis

Maglaris

2021

View full text Add to dashboard Cite

Virtual Queues for P4: A Poor Man’s Programmable Traffic Manager

Harkous

Papagianni

Schepper

et al. 2021

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

The advent of programmable network switch ASICs and recent developments on other programmable data planes (NPUs, FPGAs) drive the renewed interest in network data plane programmability. The P4 language has emerged as a strong candidate to describe a protocol independent datapath pipeline. With its supported architectures, the P4 language provides an excellent way to define the packet processing and forwarding behavior, while leaving other networking components such as the traffic management engine, to non-programmable fixed function elements, based on the capabilities of most programmable devices. However, network flexibility is essential to meet the Quality of Service (QoS) requirements of traffic flows. Thus, enabling programmable control for fixed-function elements like traffic management is crucial.Towards that end we propose the use of virtual queues in the P4 pipeline, investigate the application of virtual queuebased traffic management, and portability of the approach using different P4 programmable targets. Specifically, we focus on virtual queue based Active Queue Management (AQM) for congestion policing and meeting the latency targets of distinct network slices. The solution is compared to P4 built-in functionality for bandwidth management using meters, proving also that the additional dimensions of control are achieved without compromising the processing complexity of the solution.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.