Journal of Information Science and Engineering, Vol. 38 No. 6, pp. 1265-1283

A Study on Traffic Asymmetry for Detecting DDoS Attack in P4-based SDN

1Department of Computer Science and Information Engineering
2Department of Electrical Engineering
National Cheng Kung University
Tainan, 700 Taiwan

3Department of Computer Science
National Yang Ming Chiao Tung University
Hsinchu, 300 Taiwan
E-mail: tingyu@imslab.org; chingyuan0227@gmail.com; kinoe_T@imslab.org;
tsaimh@csie.ncku.edu.tw; chenyr@mail.ncku.edu.tw

As the Internet has become pervasive, people increasingly rely on it to carry out a large share of their work, making network security more and more important. Among the many threats to network security, Distributed Denial-of-Service (DDoS) attacks have long been a problem that researchers seek to solve. With the introduction of software-defined networking (SDN), more and more detection methods have been proposed. In this paper, we design a sketch-based method of data collection in the P4-based data plane that sends less data to the controller than an OpenFlow-based data plane while keeping the data size limited. Furthermore, our method collects data on both attackers and victims by exploiting the asymmetric characteristics of data flows, which contributes to the mitigation of DDoS attacks by inserting rate-limiting rules on the data plane. In experiments, our data collection structure reaches an F1 score of 0.9 or higher with an appropriate number of entries while attack intensities range from 0 Mbps to 500 Mbps. In the evaluation section, we also present the result of labeling data with the K-means algorithm on the control plane.

Keywords: software defined network, data collection, DDoS, P4, network management
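To make the traffic-asymmetry idea concrete, the following Python example is added here; it is not code from the paper, and the authors' P4 sketch layout and exact asymmetry metric are not given on this page. It assumes two count-min sketches (packets sent and packets received, keyed by IPv4 address), an asymmetry score (sent - received) / (sent + received), thresholds of +0.8 / -0.8, and a set of constructed flow records in which three sources flood one host while two other hosts exchange roughly balanced traffic. Hosts whose score crosses the upper threshold are reported as candidates for a rate-limiting rule, which is the mitigation step the abstract describes.

```python
"""Count-min sketches of per-host sent/received packets, used to score traffic
asymmetry and pick rate-limit candidates. Constructed example; the sketch
parameters, score and thresholds are assumptions, not the paper's."""
import hashlib
from typing import Dict, List, NamedTuple, Tuple


class Flow(NamedTuple):
    """One flow record as a data-plane switch might export it."""
    src: str
    dst: str
    packets: int


class CountMinSketch:
    """Fixed-size count-min sketch: `depth` rows of `width` counters.

    A point estimate never undercounts; hash collisions can only overcount,
    and taking the minimum over the rows bounds that error. The memory is
    fixed regardless of how many hosts appear, which is what makes a sketch
    attractive for a resource-limited data plane."""

    def __init__(self, width: int = 256, depth: int = 4) -> None:
        self.width = width
        self.depth = depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, key: str, row: int) -> int:
        # One independent hash per row, derived by salting the key with the row id.
        digest = hashlib.blake2b(f"{row}:{key}".encode(), digest_size=8).digest()
        return int.from_bytes(digest, "big") % self.width

    def update(self, key: str, count: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][self._index(key, row)] += count

    def estimate(self, key: str) -> int:
        return min(self.table[row][self._index(key, row)] for row in range(self.depth))


def build_sketches(flows: List[Flow]) -> Tuple[CountMinSketch, CountMinSketch]:
    """Feed every flow into a 'sent' sketch (keyed by src) and a 'received' sketch (keyed by dst)."""
    sent, received = CountMinSketch(), CountMinSketch()
    for flow in flows:
        sent.update(flow.src, flow.packets)
        received.update(flow.dst, flow.packets)
    return sent, received


def asymmetry(sent: CountMinSketch, received: CountMinSketch, host: str) -> float:
    """Score in [-1, 1]: +1 means the host only sends, -1 only receives, 0 balanced."""
    s, r = sent.estimate(host), received.estimate(host)
    return 0.0 if s + r == 0 else (s - r) / (s + r)


def classify_hosts(flows: List[Flow], threshold: float = 0.8,
                   min_packets: int = 50) -> Dict[str, str]:
    """Label each host seen in the flows as 'suspected source', 'suspected victim' or 'normal'.

    Hosts with fewer than `min_packets` total packets are left 'normal' so that a
    single stray packet does not produce an extreme score."""
    sent, received = build_sketches(flows)
    hosts = {f.src for f in flows} | {f.dst for f in flows}
    labels: Dict[str, str] = {}
    for host in sorted(hosts):
        total = sent.estimate(host) + received.estimate(host)
        score = asymmetry(sent, received, host)
        if total >= min_packets and score >= threshold:
            labels[host] = "suspected source"
        elif total >= min_packets and score <= -threshold:
            labels[host] = "suspected victim"
        else:
            labels[host] = "normal"
    return labels


def rate_limit_targets(flows: List[Flow]) -> List[str]:
    """Sources whose one-sided traffic would justify inserting a rate-limiting rule."""
    return sorted(h for h, label in classify_hosts(flows).items() if label == "suspected source")


# Constructed sample: a balanced client/server pair plus three one-sided floods of 10.0.1.2.
SAMPLE_FLOWS = [
    Flow("10.0.0.1", "10.0.1.1", 200), Flow("10.0.1.1", "10.0.0.1", 180),
    Flow("192.0.2.10", "10.0.1.2", 500), Flow("10.0.1.2", "192.0.2.10", 5),
    Flow("192.0.2.11", "10.0.1.2", 500), Flow("10.0.1.2", "192.0.2.11", 5),
    Flow("192.0.2.12", "10.0.1.2", 500), Flow("10.0.1.2", "192.0.2.12", 5),
]

if __name__ == "__main__":
    for host, label in classify_hosts(SAMPLE_FLOWS).items():
        print(f"{host:12s} {label}")
    print("rate-limit:", rate_limit_targets(SAMPLE_FLOWS))
```

Because the victim is scored from the same two sketches, a single pass over the flows yields both sides of the attack, which is the point of the asymmetry view: the flooded host shows up as strongly negative while the balanced pair stays near zero.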
