SAFE: EFFICIENT DDOS ATTACK DEFENSE WITH ELASTIC TRAFFIC FLOW INSPECTION IN SDN-BASED DATA CENTERS
Authors: Tri Gia Nguyen, Hai Hoang Nguyen, Trung V. Phan
Journal: Journal of Computer Science and Cybernetics (Journal Article)
Publication date: 2023-03-03
DOI: 10.15625/1813-9663/16629 (https://doi.org/10.15625/1813-9663/16629)
Citations: 0
Abstract
In this paper, we propose an efficient distributed denial-of-Service (DDoS) Attack deFEnse solution, namely SAFE, which utilizes an elastic traffic flow inspection mechanism for Software-Defined Networking (SDN) based data centers. In particular, we first examine a leaf-spine SDN-based data center network, which is highly vulnerable to volumetric DDoS attacks. Next, we develop a rank-based anomaly detection algorithm to recognize anomalies in the amount of incoming traffic. Then, for traffic flow inspection, we introduce a component called DFI (Deep Flow Inspection), running an Open vSwitch (OvS), that can be dynamically initiated (as a virtual machine) on demand to collect traffic flow statistics. By utilizing the deep reinforcement learning-based traffic monitoring from our previous study, the DFIs can be protected from the flow-table overflow problem while providing more detailed traffic flow information. Afterward, a machine learning-based attack detector analyzes the gathered flow rule statistics to identify the attack, and appropriate policies are implemented if an attack is recognized. The experimental results show that SAFE can effectively defend against volumetric DDoS attacks while assuring a reliable Quality-of-Service level for benign traffic flows in SDN-based data center networks. Specifically, for TCP SYN and UDP floods, the attack detection performance of SAFE is improved by approximately 40% and 30%, respectively, compared to the existing SATA solution. Furthermore, the attack mitigation performance of SAFE, measured as the ratio of dropped malicious packets, is superior to that of SATA by approximately 48% (for TCP SYN flood) and 52% (for UDP flood).