TY - GEN
T1 - Detection of DDoS on SDN Data Plane Through Mirror Traffic
AU - Wikantyasa, I. Made Adhiarta
AU - Ahmad, Tohari
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The rapid growth in network technology and data traffic has made traditional network architectures inadequate in meeting the needs of modern users, leading to the adoption of Software Defined Networking (SDN) as a solution. Despite its benefits, SDN's centralized control, complexity, lack of standardization, inadequate visibility, authentication, and authorization make it vulnerable to security threats such as Distributed Denial of Service (DDoS). In SDN networks, DDoS attacks can overwhelm networks with traffic, causing reduced performance or downtime in the data or controller planes. DDoS attacks within SDN networks can be categorized into three main types volumetric attacks, which inundate networks with substantial traffic, state exclusion attacks which take advantage of vulnerabilities in TCP packet processing and application layer attacks which specifically target services with malevolent activity. The objective of the proposed system is to provide an alternative solution on detecting UDP flood-based Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) data planes. This will be achieved by incorporating mirror ports as inputs to a machine learning module. Additionally, the machine learning module will have the capability to identify attack patterns within mirrored traffic without causing disruptions to the main network traffic.
AB - The rapid growth in network technology and data traffic has made traditional network architectures inadequate in meeting the needs of modern users, leading to the adoption of Software Defined Networking (SDN) as a solution. Despite its benefits, SDN's centralized control, complexity, lack of standardization, inadequate visibility, authentication, and authorization make it vulnerable to security threats such as Distributed Denial of Service (DDoS). In SDN networks, DDoS attacks can overwhelm networks with traffic, causing reduced performance or downtime in the data or controller planes. DDoS attacks within SDN networks can be categorized into three main types volumetric attacks, which inundate networks with substantial traffic, state exclusion attacks which take advantage of vulnerabilities in TCP packet processing and application layer attacks which specifically target services with malevolent activity. The objective of the proposed system is to provide an alternative solution on detecting UDP flood-based Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) data planes. This will be achieved by incorporating mirror ports as inputs to a machine learning module. Additionally, the machine learning module will have the capability to identify attack patterns within mirrored traffic without causing disruptions to the main network traffic.
KW - DDoS
KW - Mirrored Network
KW - Network Security
KW - Security
KW - Software Defined Networking
UR - http://www.scopus.com/inward/record.url?scp=85175434843&partnerID=8YFLogxK
U2 - 10.1109/ICoCICs58778.2023.10276890
DO - 10.1109/ICoCICs58778.2023.10276890
M3 - Conference contribution
AN - SCOPUS:85175434843
T3 - Proceedings - 2023 IEEE International Conference on Cryptography, Informatics, and Cybersecurity: Cryptography and Cybersecurity: Roles, Prospects, and Challenges, ICoCICs 2023
SP - 199
EP - 204
BT - Proceedings - 2023 IEEE International Conference on Cryptography, Informatics, and Cybersecurity
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 1st IEEE International Conference on Cryptography, Informatics, and Cybersecurity, ICoCICs 2023
Y2 - 22 August 2023 through 24 August 2023
ER -