Lightweight Statistical Approach towards TCP SYN Flood DDoS Attack Detection and Mitigation in SDN Environment

S. Batool, Farrukh Zeeshan Khan, Syed Qaiser Ali Shah, Muneer Ahmed, Roobaea Alroobaea, Abdullah M. Baqasah, Ihsan Ali, M. A. Raza

Journal article, Security and Communication Networks, published 2022-01-25. DOI: https://doi.org/10.1155/2022/2593672. Citations: 5.
Abstract
A Distributed Denial of Service (DDoS) attack is known to be one of the most lethal attacks against traditional network architectures. In this attack, the attacker uses botnets to overwhelm network resources. Botnets can consist of randomly compromised computers or IoT devices that are used to generate excessive traffic towards the victim; as a result, legitimate users cannot access the services. In this research, software-defined networking (SDN) has been suggested as a solution to fight DDoS attacks. SDN uses the idea of centralized control and segregation of the data plane from the control plane. SDN is more flexible, and policy implementation on the centralized controller is easy. SDN is now being widely used in modern network paradigms because of its enhanced security. In this work, an entropy-based statistical approach has been suggested to detect and mitigate TCP SYN flood DDoS attacks. The proposed algorithm uses a three-phased detection scheme to minimize the false-positive rate. Entropy, standard deviation, and weighted moving average have been used for intrusion detection. Multiple experiments were performed, and the results show that the suggested approach is more reliable and lightweight and has a minimal false-positive rate.
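The abstract names the three statistics the detector relies on (entropy, standard deviation, weighted moving average) and a three-phase scheme, but not how they fit together. The script below is an added illustration of how a controller-side detector of that shape can be built; it is not the paper's code. Everything specific in it is an assumption of this example: that destination-IP entropy of SYN packets is the measured quantity, the window of 50 SYNs, the linearly weighted moving average and k-sigma threshold, the requirement of two consecutive suspicious windows before acting, the flow-rule dictionary used to represent the mitigation, and the constructed traffic in `build_sample_traffic`.

```python
"""Entropy-based TCP SYN flood detector over fixed-size packet windows.

Added illustration, not the paper's code. The three stages (baseline statistics,
threshold test, confirmation across consecutive windows) and every parameter
value below are assumptions made for this example.
"""
import math
import statistics
from collections import Counter, deque


def window_entropy(dst_ips):
    """Shannon entropy of the destination-IP distribution in one window,
    normalized by log2(window length): 1.0 means every packet had a distinct
    destination, 0.0 means every packet targeted the same host."""
    n = len(dst_ips)
    if n <= 1:
        return 0.0
    counts = Counter(dst_ips)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def weighted_moving_average(values):
    """Linearly weighted moving average; the most recent value gets the largest weight."""
    weights = range(1, len(values) + 1)
    return sum(w * v for w, v in zip(weights, values)) / sum(weights)


class SynFloodDetector:
    def __init__(self, window_size=50, history=8, min_history=4, k=3.0,
                 min_drop=0.15, confirm_windows=2):
        self.window_size = window_size
        self.baseline = deque(maxlen=history)   # entropies of windows judged normal
        self.min_history = min_history          # windows to observe before judging anything
        self.k = k                              # std devs below the WMA that count as suspicious
        self.min_drop = min_drop                # floor on the margin so a tiny std dev cannot over-trigger
        self.confirm_windows = confirm_windows  # consecutive suspicious windows needed to act
        self._window = []
        self._streak = 0
        self.alerts = []                        # mitigation actions produced so far

    def observe(self, src_ip, dst_ip, tcp_flags):
        """Feed one packet; only pure SYNs (SYN set, ACK clear) count toward the window."""
        if "SYN" not in tcp_flags or "ACK" in tcp_flags:
            return None
        self._window.append(dst_ip)
        if len(self._window) < self.window_size:
            return None
        window, self._window = self._window, []
        return self._evaluate(window)

    def _evaluate(self, window):
        # Phase 1: statistics for this window and for the baseline.
        h = window_entropy(window)
        if len(self.baseline) < self.min_history:
            self.baseline.append(h)       # still learning: accept the window as normal
            return None
        wma = weighted_moving_average(list(self.baseline))
        sd = statistics.pstdev(list(self.baseline))
        threshold = wma - max(self.k * sd, self.min_drop)
        # Phase 2: threshold test. Only windows that pass update the baseline,
        # so a sustained flood cannot drag the baseline down to its own level.
        if h >= threshold:
            self._streak = 0
            self.baseline.append(h)
            return None
        # Phase 3: confirmation over consecutive windows before any rule is emitted.
        self._streak += 1
        if self._streak < self.confirm_windows:
            return None
        victim, syn_count = Counter(window).most_common(1)[0]
        # Assumed representation of the rule a controller would push to the switch.
        action = {"action": "drop", "match": {"ip_dst": victim, "tcp_flags": "SYN"},
                  "entropy": round(h, 3), "threshold": round(threshold, 3),
                  "syn_count_in_window": syn_count}
        self.alerts.append(action)
        return action


def build_sample_traffic():
    """Constructed sample: 8 windows of ordinary SYN traffic spread over roughly
    20 destinations, then 3 windows in which 45 of 50 SYNs target one host."""
    packets = []
    for i, distinct in enumerate([20, 18, 22, 19, 21, 20, 17, 23]):
        for j in range(50):
            packets.append((f"192.168.{i}.{j % 40 + 1}", f"10.0.0.{j % distinct + 1}", "SYN"))
    for _ in range(3):
        for j in range(50):
            dst = "10.0.0.99" if j < 45 else f"10.0.0.{j - 44}"
            packets.append((f"203.0.113.{j + 1}", dst, "SYN"))
    return packets


def run_detector(packets, **kwargs):
    """Replay packets through a fresh detector and return the mitigation actions it produced."""
    det = SynFloodDetector(**kwargs)
    for src, dst, flags in packets:
        det.observe(src, dst, flags)
    return det.alerts


if __name__ == "__main__":
    for action in run_detector(build_sample_traffic()):
        print(action)
```

On the constructed input the first eight windows keep a normalized entropy of roughly 0.72 to 0.80, the flood windows drop to about 0.12, and the first flood window is only flagged, not acted on; the second confirms it and yields a drop rule for 10.0.0.99. The `min_drop` floor matters in practice: a quiet baseline has a standard deviation near zero, and without the floor any small dip would pass the k-sigma test.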