Real-Time Monitoring and Mitigation of SDoS Attacks Using the SDN and New Metrics
Authors: Dan Tang; Siyuan Wang; Siqi Zhang; Zheng Qin; Wei Liang; Sheng Xiao
Journal: IEEE Transactions on Cognitive Communications and Networking, vol. 9, no. 6, pp. 1721-1733
Publication type: Journal Article
Publication date: 2023-08-18
DOI: 10.1109/TCCN.2023.3306358
URL: https://ieeexplore.ieee.org/document/10224550/
Journal impact factor: 7.4; JCR Q1 (Telecommunications); Region 1 (Computer Science)
Citation count at indexing: 0 (record source: Semantic Scholar)
Slow-rate denial-of-service (SDoS) attacks are a type of denial-of-service (DoS) attack with a low attack rate. They have a flash-crowd nature and can be well concealed in legitimate traffic, so they are difficult for anti-DoS mechanisms to identify. Existing solutions have drawbacks such as difficult deployment, poor real-time performance, and poor scalability. We propose a scheme for real-time monitoring and mitigation of SDoS attacks based on a software-defined network (SDN) and new traffic metrics. The new traffic metrics are the coefficient of fluctuation (CoF) and the pulse period coefficient (PPC), which help identify SDoS attacks in the network and locate the attackers quickly and accurately. Based on the two metrics, the scheme uses a Gaussian mixture model (GMM) to predict and cluster network traffic and obtain attacker IPs. The mitigation module installs flow rules to discard attacking flows. With blacklisting and weighted IPs, the mitigation module reduces the probability of dropping legitimate flows in case of false positives. Experiments show that our scheme is inexpensive to deploy and can identify attacks and locate attackers quickly and accurately. The mitigation strategy can mitigate SDoS attacks within 4 to 6 seconds with high probability.
Journal description:
The IEEE Transactions on Cognitive Communications and Networking (TCCN) aims to publish high-quality manuscripts that push the boundaries of cognitive communications and networking research. Cognitive, in this context, refers to the application of perception, learning, reasoning, memory, and adaptive approaches in communication system design. The transactions welcome submissions that explore various aspects of cognitive communications and networks, focusing on innovative and holistic approaches to complex system design. Key topics covered include architecture, protocols, cross-layer design, and cognition cycle design for cognitive networks. Additionally, research on machine learning, artificial intelligence, end-to-end and distributed intelligence, software-defined networking, cognitive radios, spectrum sharing, and security and privacy issues in cognitive networks is of interest. The publication also encourages papers addressing novel services and applications enabled by these cognitive concepts.