A Robust TCP-SYN Flood Mitigation Scheme Using Machine Learning Based on SDN

Tuấn, Nguyễn Ngọc; Hung, Pham Huy; Nghia, Nguyen Danh; Tho, Nguyen Van; Thanh, Nguyen Huu

doi:10.1109/ictc46691.2019.8939829

Cited by 14 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Deepa et al 40 proposed an approach that combines different ML algorithms (KNN, SVM, and Self Organizing Maps ‐ SOM) to perform the attack traffic classification. In the same line, Tuan et al 41 proposed the use of different approaches, combining entropy with KNN to detect DDoS attacks. Similarly, the authors in Reference 42 proposed a solution that allows entropy to be combined with different ML algorithms, such as Multi‐Layer Perceptron (MLP), KNN, and SVM.…”

Section: Related Workmentioning

confidence: 99%

DataPlane‐ML: An integrated attack detection and mitigation solution for software defined networks

Carvalho

Costa

Bordim

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Summary Software defined network (SDN) is a paradigm that emphasizes the separation of the control plane from the data plane, offering advantages such as flexibility and programmability. However, from a security perspective, SDN also introduces new vulnerabilities due to the communication required between these planes. SYN Flood attacks are typical distributed denial‐of‐service (DDoS) attacks that especially challenge network administrators since they produce a large volume of semi‐open TCP connections to a target, compromising its availability. Most of the current solutions to detect and mitigate these attacks are designed to operate at the control plane, imposing an additional overhead on controller functions. Moreover, traffic‐blocking mechanisms, a widely used alternative to protect network resources, have the drawback of restricting legitimate traffic. This work proposes DataPlane‐ML, an integrated solution to detect and mitigate DDoS attacks on SDN, acting directly in the data plane. DataPlane‐ML uses machine learning techniques for attack detection and a mitigation solution based on the node's reputation to avoid blocking legitimate traffic during an attack. Experimental results show that DataPlane‐ML is prefix≈26%$$ \approx 26\% $$ faster than statistical‐based solutions for attack detection while presenting better accuracy. Moreover, the DataPlane‐ML mitigation solution can preserve more than 95%$$ 95\% $$ of legitimate traffic during an attack.

show abstract

Section: Related Workmentioning

confidence: 99%

DataPlane‐ML: An integrated attack detection and mitigation solution for software defined networks

Carvalho

Costa

Bordim

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…At present, the research on SYN flood attack detection can be divided into three categories: statistical methods [4,5], machine learning methods [6][7][8][9], and deep learning methods.…”

Section: Related Workmentioning

confidence: 99%

A SYN Flood Attack Detection Method Based on Hierarchical Multihead Self-Attention Mechanism

Guo

Gao

2022

Security and Communication Networks

View full text Add to dashboard Cite

Existing SYN flood attack detection methods have obvious problems such as poor feature selectivity, weak generalization ability, easy overfitting, and low accuracy during training. In the paper, we present a SYN flood attack detection method based on the Hierarchical Multihad Self-Attention (HMHSA) mechanism. First, we use one-hot encoding and normalization to preprocess traffic data. Then the preprocessed traffic data is transmitted to the Feature-based Multihead Self-Attention (FBMHA) layer for feature selection. Finally, we use data slices to determine the features of the preprocessed traffic data under time series by passing the preprocessed traffic data into the Slice-based Multihead Self-Attention (SBMHA) layer. We tested the proposed method on different datasets. The experimental results show that compared with other works, our method presents better in feature selection and higher detection accuracy (even up to 99.97%).

show abstract

“…Authors in Ref. [21] propose a SYN flood mitigation algorithm based on machine learning. e algorithm calculates the entropy of ports per each IP address and discerns anomaly traffic using K-Nearest Neighbors (KNN) method and CAIDA dataset.…”

Section: Proposals For Tcp Syn Flood Attackmentioning

confidence: 99%

SDNDefender: A Comprehensive DDoS Defense Mechanism Using Hybrid Approaches over Software Defined Networking

Tianfang

Rui

Qiu

2021

Security and Communication Networks

View full text Add to dashboard Cite

In traditional networks, DDoS attacks are often launched in the network layer or the transport layer. Researchers had explored this problem in depth and put forward plenty of solutions. However, these solutions are only suitable for scenarios such as a single link or victim side network and could not analyse traffic distribution from the angle of the global network. Also, the TCP/IP network architecture lacks abilities to quickly conduct resource deployment and traffic scheduling. When DDoS attacks occur, victims usually could not respond in time. With the superiorities of centralized control mode and global topological view, Software-Defined Networking (SDN) provides a new way to get over the above issues. In this paper, we adopt a combination of diverse technologies to design SDNDefender, a SDN-based DDoS detection and defense mechanism, which is composed of two core components aiming to counter the most popular DDoS attacks including IP spoofing attack and TCP SYN flood attack. We carry out quantitative simulation experiments for evaluating SDNDefender from many metrics. The experimental results show that in contrast to other DDoS defense algorithms, SDNDefender not only efficiently validates spoofed packets and withstands well-known attacks but also defends unknown attacks according to the target’s available resources. Besides, SDNDefender could significantly reduce TCP half-open connections and improve detection accuracy, alleviating attack influences that exhaust the server’s resources and network bandwidth.

show abstract

A Robust TCP-SYN Flood Mitigation Scheme Using Machine Learning Based on SDN

Cited by 14 publications

References 10 publications

DataPlane‐ML: An integrated attack detection and mitigation solution for software defined networks

DataPlane‐ML: An integrated attack detection and mitigation solution for software defined networks

A SYN Flood Attack Detection Method Based on Hierarchical Multihead Self-Attention Mechanism

SDNDefender: A Comprehensive DDoS Defense Mechanism Using Hybrid Approaches over Software Defined Networking

Contact Info

Product

Resources

About