Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches

Abstract: Distributed Denial-of-Service (DDoS) attacks have become a critical threat to the Internet. Due to the increasing number of vulnerable Internet of Things (IoT) devices, attackers can easily compromise a large set of nodes and launch highvolume DDoS attacks from the botnets. State-of-the-art DDoS defenses, however, have not caught up with the fast development of the attacks. Middlebox-based defenses can achieve high performance with specialized hardware; however, these defenses incur a high cost, and deploying … Show more

“…An ICMP flooding attack, also known as a ping attack, aims to target the victim's server with a huge number of echo requests. The targeted victim server has to send a response packet for each request received from the sender [123]. Each ICMP request requires the server use its resources to process the request and send the response to the sender.…”

Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments

“…An ICMP flooding attack, also known as a ping attack, aims to target the victim's server with a huge number of echo requests. The targeted victim server has to send a response packet for each request received from the sender [123]. Each ICMP request requires the server use its resources to process the request and send the response to the sender.…”

Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments

“…However, an anycast network is challenging to implement [18] and during large attacks, collateral damage, impairing other services in the network, is possible [14]. Lastly, tracking per-flow statistics and using thresholds can be used to distinguish legitimate from suspected attack traffic [27].…”

“…Zhang et al propose Poseidon [27], a DDoS defense framework that maps customizable mitigation strategies to programmable data planes in the network. The use-case is as part of a scrubbing center, cleaning the traffic from not only SYN flood traffic, but general DoS traffic of customer networks.…”

“…through techniques such as blackholing of address ranges or perflow tracking of traffic statistics [27]. The SYN-specific approach uses stateless client puzzles like SYN cookies or SYN authentication [2,3].…”

SYN Flood Defense in Programmable Data Planes

“…Recently, several systems have been proposed for tackling security concerns in modern high-speed networks [90,33,49,82]. By leveraging the capabilities offered by programmable switches, these systems can process packets at line speed directly on the switch hardware, bringing relevant benefits for network security, such as decreased reaction times to attacks, avoidance of network bottlenecks, and decreased costs associated to equivalent centralized server-based infrastructures.…”

FlowLens: Enabling Efficient Flow Classification for ML-based Network Security Applications