LR-STGCN: Detecting and mitigating low-rate DDoS attacks in SDN based on spatial–temporal graph neural network

IF 4.8 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Computers & Security Pub Date : 2025-04-02 DOI:10.1016/j.cose.2025.104460

Jin Wang, Liping Wang

{"title":"LR-STGCN: Detecting and mitigating low-rate DDoS attacks in SDN based on spatial–temporal graph neural network","authors":"Jin Wang, Liping Wang","doi":"10.1016/j.cose.2025.104460","DOIUrl":null,"url":null,"abstract":"<div><div>Software Defined Network (SDN) is an emerging network architecture. The decoupled data plane and control plane provide programmability for efficient network management. As a new network architecture, SDN also faces the threat of Low-rate Distributed Denial of Service (LDDoS) attacks. However, the centralized control, forwarding separation, scalability, and programmability of SDN provide new ideas for the detection and defense of LDDoS attacks. In this paper, we perform feature extraction of LDDoS attack flows in terms of time–frequency distribution of LDDoS attack flows and quality of service (QoS) of TCP flows, and identify the victim switch and victim ports by using the hybrid GCN-GRU deep learning model and the double sliding window method. Finally, the location of the attacking host is determined based on the victim port, and defense measures are issued to the victim switch at the attack source through the OpenFlow protocol. The evaluation results indicate that the detection method deployed on SDN controllers has a high detection rate and low false positive rate for LDDoS attacks, and can detect and alleviate LDDoS attacks online and in real-time.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104460"},"PeriodicalIF":4.8000,"publicationDate":"2025-04-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S016740482500149X","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Software Defined Network (SDN) is an emerging network architecture. The decoupled data plane and control plane provide programmability for efficient network management. As a new network architecture, SDN also faces the threat of Low-rate Distributed Denial of Service (LDDoS) attacks. However, the centralized control, forwarding separation, scalability, and programmability of SDN provide new ideas for the detection and defense of LDDoS attacks. In this paper, we perform feature extraction of LDDoS attack flows in terms of time–frequency distribution of LDDoS attack flows and quality of service (QoS) of TCP flows, and identify the victim switch and victim ports by using the hybrid GCN-GRU deep learning model and the double sliding window method. Finally, the location of the attacking host is determined based on the victim port, and defense measures are issued to the victim switch at the attack source through the OpenFlow protocol. The evaluation results indicate that the detection method deployed on SDN controllers has a high detection rate and low false positive rate for LDDoS attacks, and can detect and alleviate LDDoS attacks online and in real-time.

查看原文本刊更多论文

LR-STGCN：基于时空图神经网络的SDN低速率DDoS攻击检测与缓解

软件定义网络（SDN）是一种新兴的网络架构。数据平面和控制平面的解耦为高效的网络管理提供了可编程性。SDN作为一种新型的网络架构，也面临着低速率分布式拒绝服务攻击的威胁。然而，SDN的集中控制、转发分离、可扩展性和可编程性为检测和防御ddos攻击提供了新的思路。本文从LDDoS攻击流的时频分布和TCP流的服务质量（QoS）两方面对LDDoS攻击流进行特征提取，并采用GCN-GRU混合深度学习模型和双滑动窗口方法识别受害交换机和受害端口。最后根据受害端口确定攻击主机的位置，并通过OpenFlow协议向攻击源的受害交换机发出防御措施。评估结果表明，部署在SDN控制器上的检测方法对ddos攻击具有较高的检测率和较低的误报率，能够在线实时检测和缓解ddos攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computers & Security 工程技术-计算机：信息系统

CiteScore

12.40

自引率

7.10%

发文量

365

审稿时长

10.7 months

期刊介绍： Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world. Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.