CoDDoS: Detecting and mitigating diverse DDoS attacks with programmable switches
Jiqiang Xia, Le Tian, Yuxiang Hu, Ziyong Li, Penghao Sun, Jianhua Peng
Computer Communications, vol. 240, Article 108215, published 2025-05-19. DOI: 10.1016/j.comcom.2025.108215. https://www.sciencedirect.com/science/article/pii/S0140366425001720
Over the past decades, DDoS attacks have evolved dramatically in both scale and pattern. State-of-the-art DDoS defenses struggle to maintain high performance while handling large-scale network traffic: most require rerouting traffic to a centralized collector (or analyzer), which adds processing latency and cost. Emerging programmable switches are a promising means of performing flexible DDoS defense directly on the data plane. However, because each device has limited resources and lacks monitoring statistics from a network-wide perspective, existing data-plane approaches do not provide sufficient capability to detect and mitigate diverse DDoS attacks. In this paper, we propose CoDDoS, a Collaborative DDoS defense system that combines device-local and network-wide monitoring information to defend against diverse DDoS attacks with programmable switches. For device-local estimation, we propose a resource-efficient sketch, DBMin, that recognizes suspicious DDoS attack flows within a very large volume of ongoing traffic. It is deployed entirely on the data plane and consumes far less memory than existing approaches. We further introduce an In-band Network Telemetry (INT) mechanism that performs network-wide measurement of the suspicious flows detected by the DBMin sketch. To defend against diverse DDoS attacks, CoDDoS analyzes the collected statistics comprehensively and applies an appropriate mitigation strategy for each kind of attack. The experimental results show that CoDDoS achieves high detection accuracy for endpoint-based DDoS defense, as measured by F1 score, FNR and FPR, and effectively detects and mitigates link-based DDoS attacks.
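As an added illustration of the device-local stage the abstract describes (example code written for this page, not code from the paper or its authors), the following Python builds a count-min sketch, keys packets by destination endpoint, flags any key whose estimate crosses a threshold at the moment its counter is updated, and checks the sketch's memory footprint and its no-underestimate guarantee against exact counts on constructed traffic. DBMin's actual structure is not given on this page, so this is a generic count-min sketch; the key choice, the width/depth values, the threshold and the packet set are assumptions made for the example.

```python
import hashlib
from collections import Counter

# Added illustration of sketch-based suspicious-flow detection on the data
# plane. This is a plain count-min sketch, NOT the paper's DBMin sketch, whose
# internals are not given on this page; threshold, key choice and traffic are
# assumptions made for the example.


class CountMinSketch:
    """Fixed-size counter array: depth rows x width counters, one hash per row.

    The memory footprint is independent of the number of distinct flows, which
    is what makes sketches attractive for switch SRAM; the cost is that an
    estimate can only be too high (hash collisions), never too low.
    """

    def __init__(self, width: int = 256, depth: int = 3):
        self.width = width
        self.depth = depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, key: str, row: int) -> int:
        # One independent hash per row, derived by salting blake2b with the row id.
        digest = hashlib.blake2b(key.encode(), digest_size=8, salt=bytes([row])).digest()
        return int.from_bytes(digest, "big") % self.width

    def update(self, key: str, n: int = 1) -> int:
        """Add n to the key's counters and return the new (min) estimate.

        Returning the estimate on update mirrors what a switch pipeline can do:
        it cannot enumerate keys, but it can compare the counter it just
        incremented against a threshold and flag the current packet's flow.
        """
        est = None
        for row in range(self.depth):
            cell = self._index(key, row)
            self.table[row][cell] += n
            value = self.table[row][cell]
            est = value if est is None else min(est, value)
        return est

    def estimate(self, key: str) -> int:
        return min(self.table[row][self._index(key, row)] for row in range(self.depth))

    def memory_bytes(self, counter_bytes: int = 4) -> int:
        return self.width * self.depth * counter_bytes


def constructed_packets():
    """Constructed traffic, not a capture: 300 packets from spoofed sources to
    one victim service, plus 20 benign flows of 5 packets each."""
    pkts = []
    for i in range(300):
        pkts.append((f"203.0.113.{i % 200}", "10.0.0.5", 80, 6))
    for i in range(20):
        for _ in range(5):
            pkts.append((f"192.0.2.{i}", f"10.0.0.{10 + i}", 443, 6))
    return pkts


def flow_key(pkt) -> str:
    # Victim-side key (dst ip:port): a flood from many spoofed sources still
    # lands on a single counter, which a full 5-tuple key would spread out.
    _src, dst, dport, _proto = pkt
    return f"{dst}:{dport}"


def detect_suspects(packets, threshold: int, width: int = 256, depth: int = 3):
    """Stage 1 (device-local): flag keys whose estimate crosses the threshold.

    Returns the sketch and the suspect set that a network-wide measurement
    stage would then confirm or dismiss.
    """
    sketch = CountMinSketch(width, depth)
    suspects = set()
    for pkt in packets:
        key = flow_key(pkt)
        if sketch.update(key) >= threshold:
            suspects.add(key)
    return sketch, suspects


def never_underestimates(packets, sketch: CountMinSketch) -> bool:
    """Sanity check of the count-min guarantee against exact per-key counts."""
    exact = Counter(flow_key(p) for p in packets)
    return all(sketch.estimate(k) >= c for k, c in exact.items())


if __name__ == "__main__":
    pkts = constructed_packets()
    sketch, suspects = detect_suspects(pkts, threshold=100)
    print("suspects:", suspects)
    print("victim estimate:", sketch.estimate("10.0.0.5:80"))
    print("sketch memory:", sketch.memory_bytes(), "bytes for",
          sketch.width * sketch.depth, "counters")
```

With these settings the only suspect is the victim key 10.0.0.5:80, whose estimate is 300 unless a hash collision inflates it, and the whole state is 3072 bytes of counters regardless of how many distinct sources the flood uses. The suspect set is deliberately small and noisy; in the two-stage design the abstract describes, it is the input to network-wide measurement, not the final verdict.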
Journal description:
Computer and communication networks are key infrastructures of the information society with high socio-economic value, as they contribute to the correct operation of many critical services (from healthcare to finance and transportation). The Internet is the core of today's computer-communication infrastructures. This has transformed the Internet from a robust network for data transfer between computers into a global, content-rich communication and information system in which content is increasingly generated by users and distributed according to human social relations. Next-generation network technologies, architectures and protocols are therefore required to overcome the limitations of the legacy Internet and to add new capabilities and services. The future Internet should be ubiquitous, secure, resilient, and closer to human communication paradigms.
Computer Communications is a peer-reviewed international journal that publishes high-quality scientific articles (both theory and practice) and survey papers covering all aspects of future computer communication networks (on all layers, except the physical layer), with a special attention to the evolution of the Internet architecture, protocols, services, and applications.