Detection and Mitigation of Low and Slow DDoS attack in an SDN environment

2022 International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics ( DISCOVER) Pub Date : 2022-10-14 DOI:10.1109/DISCOVER55800.2022.9974724

A. N. H. D. Sai, B. H. Tilak, N. S. Sanjith, Padi Suhas, R. Sanjeetha

{"title":"Detection and Mitigation of Low and Slow DDoS attack in an SDN environment","authors":"A. N. H. D. Sai, B. H. Tilak, N. S. Sanjith, Padi Suhas, R. Sanjeetha","doi":"10.1109/DISCOVER55800.2022.9974724","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service (DDoS) attacks aim to make a server unresponsive by flooding the target server with a large volume of packets (Volume based DDoS attacks), by keeping connections open for a long time and exhausting the resources (Low and Slow DDoS attacks) or by targeting protocols (Protocol based attacks). Volume based DDoS attacks that flood the target server with a large number of packets are easier to detect because of the abnormality in packet flow. Low and Slow DDoS attacks, however, make the server unavailable by keeping connections open for a long time, but send traffic similar to genuine traffic, making detection of such attacks difficult. This paper proposes a solution to detect and mitigate one such Low and slow DDoS attack, Slowloris in an SDN (Software Defined Networking) environment. The proposed solution involves communication between the detection and mitigation module and the controller of the Software Defined Network to get data to detect and mitigate low and slow DDoS attack.","PeriodicalId":264177,"journal":{"name":"2022 International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics ( DISCOVER)","volume":"184 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics ( DISCOVER)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DISCOVER55800.2022.9974724","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Distributed Denial of Service (DDoS) attacks aim to make a server unresponsive by flooding the target server with a large volume of packets (Volume based DDoS attacks), by keeping connections open for a long time and exhausting the resources (Low and Slow DDoS attacks) or by targeting protocols (Protocol based attacks). Volume based DDoS attacks that flood the target server with a large number of packets are easier to detect because of the abnormality in packet flow. Low and Slow DDoS attacks, however, make the server unavailable by keeping connections open for a long time, but send traffic similar to genuine traffic, making detection of such attacks difficult. This paper proposes a solution to detect and mitigate one such Low and slow DDoS attack, Slowloris in an SDN (Software Defined Networking) environment. The proposed solution involves communication between the detection and mitigation module and the controller of the Software Defined Network to get data to detect and mitigate low and slow DDoS attack.

查看原文本刊更多论文

SDN环境下低速和慢速DDoS攻击的检测与缓解

分布式拒绝服务(DDoS)攻击的目的是通过向目标服务器发送大量的数据包(基于容量的DDoS攻击)，通过长时间保持连接并耗尽资源(Low和Slow DDoS攻击)或针对协议(基于协议的攻击)使服务器无法响应。基于卷的DDoS攻击是指以大量报文淹没目标服务器的DDoS攻击，由于报文流异常，容易被检测到。低速和慢速DDoS攻击通过长时间保持连接打开使服务器不可用，但发送的流量与真正的流量相似，因此很难检测到此类攻击。本文提出了一种在SDN(软件定义网络)环境中检测和减轻这种低速度和慢速度DDoS攻击的解决方案。提出的解决方案涉及检测和缓解模块与软件定义网络控制器之间的通信，以获取数据以检测和缓解低速和慢速DDoS攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics ( DISCOVER)

自引率

0.00%

发文量