Detecting and Mitigating DDoS Attacks in SDN Using Spatial-Temporal Graph Convolutional Network

Cao, Yongyi; Jiang, Hao; Deng, Yuchuan; Wu, Jing; Zhou, Pan; Luo, Wei

doi:10.1109/tdsc.2021.3108782

Cited by 49 publications

(26 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Said ElSayed et al [35] utilized the Information Gain (IG) and Random Forest (RF) in order to analyze the most comprehensive relevant features of DDoS attacks in SDN. Cao et al [36] proposed a detection method based on Spatial-Temporal Graph Convolutional Network (ST-GCN). It can sense the state of switches and input the network state into the spatiotemporal graph convolution network detection model by in-band sampling network telemetry (INT), and finally find the switch through which DDoS attack flow passes.…”

Section: Methods For Detecting Ddosmentioning

confidence: 99%

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Yan

Zheng

2022

Security and Communication Networks

View full text Add to dashboard Cite

Software-Defined Networking (SDN) actualizes the separation of control and forwarding and innovates network functionalities with a logically centralized controller. Contemporary SDN infrastructure exposes the potential bottlenecks which are prone to engage in distributed denial of service attack (DDoS) thus posing an ever-increasing threat. This paper adopts the idea of “cross-plane collaboration” accomplishing DDoS attack defense and incorporates a two-phase project deploying the lightweight detection mechanism in data layer and the fine-grained filtering model in control layer. The coadjutant detection mechanism introduces a novel three-dimensional entropy consisting of five flow table features performing real-time feature detection; the defense strategy schedules an attack classification algorithm based on neural network by means of extracting four flow rule features designed to locate compromised interfaces occupied by malicious traffic. Extensive experiments are implemented to demonstrate the method we proposed brings excellent superiority. The detection rate of the classification filtering model is 99.4%, and it is real-time, with a detection time of 0.51s. In addition, the method of cross-layer defense reduces the CPU utilization of the controller.

show abstract

Section: Methods For Detecting Ddosmentioning

confidence: 99%

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Yan

Zheng

2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Meanwhile, the authors analyzed the impact of DDoS attacks on throughput, transmission delay, and other network performance, but the authors did not complete a traceability attack on DDoS. So the literature [17] used a graph neural network model to effectively extract the temporal and spatial features of the network state and find the path of a DDoS attack. The literature [18] proposed a detection framework called FAPDD.…”

Section: Related Workmentioning

confidence: 99%

Multi-Domain Malicious Behavior Knowledge Base Framework for Multi-Type DDoS Behavior Detection

Liu,

Li,

Yin

et al. 2023

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

Due to the many types of distributed denial-of-service attacks (DDoS) attacks and the large amount of data generated, it becomes a challenge to manage and apply the malicious behavior knowledge generated by DDoS attacks. We propose a malicious behavior knowledge base framework for DDoS attacks, which completes the construction and application of a multi-domain malicious behavior knowledge base. First, we collected malicious behavior traffic generated by five mainstream DDoS attacks. At the same time, we completed the knowledge collection mechanism through data pre-processing and dataset design. Then, we designed a malicious behavior category graph and malicious behavior structure graph for the characteristic information and spatial structure of DDoS attacks and completed the knowledge learning mechanism using a graph neural network model. To protect the data privacy of multiple multi-domain malicious behavior knowledge bases, we implement the knowledge-sharing mechanism based on federated learning. Finally, we store the constructed knowledge graphs, graph neural network model, and Federated model into the malicious behavior knowledge base to complete the knowledge management mechanism. The experimental results show that our proposed system architecture can effectively construct and apply the malicious behavior knowledge base, and the detection capability of multiple DDoS attacks occurring in the network reaches above 0.95, while there exists a certain anti-interference capability for data poisoning cases.

show abstract

“…Through implementing such approaches organizations get ability to bolster their defense against DDoS attacks so that IoT infrastructures do not fail from endangering threats that arise continuously. [5] The paper is coming with a groundbreaking solution to the plague of phishing and application layer DDoS attacks. The solution comprises of the exploitation of convolutional neural networks (CNNs), which have proved problem-solving and cybersecurity adjudication competence.…”

Section: Introductionmentioning

confidence: 99%

“…This approach helps to lower latency by reducing the bandwidth requirements, and at the same time improves the overall security of IoT networks shielding such environments from disruptions or communication failures. [5] The present DDoS attack mitigation strategies based on conventional techniques of detection are inadequate as they may not prove to be so efficient in detecting and mitigating more creative attacks. Nevertheless, a Spatio-Temporal Graph Convolutional Network (ST-GCN) strategy which comes embedded into the SDN architecture brings a new perspective to the DDoS detection.…”

Section: Introductionmentioning

confidence: 99%

Surveying Emerging Trends in DDoS Defense

Pandey

2024

IJSREM

View full text Add to dashboard Cite

This The DDoS attack threat is evolving, and because of this, organizations are discovering and using new modern technologies to lay the ground for more effective defensive strategies. This paper is devoted to the investigation of the most efficient methods fighting DDoS – downtime of the network, and ensuring cybersecurity on different domains. First of all, the integration of Convolutional Neural Networks (CNNs) into cybersecurity is a very promising move with respect to fighting exactly the phishing and application-layer DDoS attacks in greater details than the machine learning approaches like the LSTMs and SAEs. Another aspect of building the effective opposition against the dummy data attacks on the critical infrastructures, for example on the power systems, is creating the multi-dimensional mitigation models composed of various timely detection techniques and robust network architecture. In addition, the usage of Physically Unclonable Functions (PUFs) in network architectures provides a means of authentication as well as access control that can improve the resilience of a network against DDoS attacks. PUFs enables the blockade of unwanted packets of high volume traffic, allowing granular traffic filtration and isolation. By using hardware solutions such as Distributed-Denial-of-Service (DDoS) attack prevention, SDN-biased security frame with deep learning algorithms can improve network resilience with significant detection and response to slow-rate DDoS attacks. At last EWMA, KNN, and CUSUM as statistical methods integrated with FOG computing architectures ensure real time and effective solution for the detection and mitigation of DDoS attacks in the IoT networks, making them immune to the current as well as the continuously emerging cyber threats. Through the integration of these cutting edge methods, organizations will be able to hold their ground against cyberattacks catalyzed by DDoS menace and stay ahead of dynamic threats whenever they arise. Keywords— Cloud computing, Data threats, Data Protection, Cloud security.

show abstract

Detecting and Mitigating DDoS Attacks in SDN Using Spatial-Temporal Graph Convolutional Network

Cited by 49 publications

References 49 publications

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Cross-Plane DDoS Attack Defense Architecture Based on Flow Table Features in SDN

Multi-Domain Malicious Behavior Knowledge Base Framework for Multi-Type DDoS Behavior Detection

Surveying Emerging Trends in DDoS Defense

Contact Info

Product

Resources

About