{"title":"A GNN-Based Rate Limiting Framework for DDoS Attack Mitigation in Multi-Controller SDN","authors":"Ali El Kamel","doi":"10.1109/ISCC58397.2023.10218204","DOIUrl":null,"url":null,"abstract":"This paper proposes a proactive protection against DDoS attacks in SDN that is based on dynamically monitoring rates of hosts and penalizing misbehaving ones through a weight-based rate limiting mechanism. Basically, this approach relies on the power of Graph Neural Networks (GNN) to leverage online deep learning. First, an encoder-decoder function converts a time-series vector of a host features to an embedding representation. Then, GraphSAGE uses hosts' embedding vectors to learn latent features of switches which are used to forecast next time-step values. Predicted values are inputted to a multi-loss DNN model to compute two discounts that are applied to weights associated to source edges using mutli-hop SDG-based backpropagation. Realistic experiments show that the proposed solution succeeds in minimizing the impact of DDoS attacks on both the controllers and the switches regarding the PacketIn arrival rate at the controller and the rate of accepted requests.","PeriodicalId":265337,"journal":{"name":"2023 IEEE Symposium on Computers and Communications (ISCC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE Symposium on Computers and Communications (ISCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCC58397.2023.10218204","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
This paper proposes a proactive protection against DDoS attacks in SDN that is based on dynamically monitoring the rates of hosts and penalizing misbehaving ones through a weight-based rate limiting mechanism. The approach relies on Graph Neural Networks (GNN) to leverage online deep learning. First, an encoder-decoder function converts a time-series vector of a host's features to an embedding representation. Then, GraphSAGE uses the hosts' embedding vectors to learn latent features of switches, which are used to forecast next time-step values. Predicted values are fed to a multi-loss DNN model to compute two discounts that are applied to the weights associated with source edges using multi-hop SDG-based backpropagation. Realistic experiments show that the proposed solution succeeds in minimizing the impact of DDoS attacks on both the controllers and the switches, as measured by the PacketIn arrival rate at the controller and the rate of accepted requests.