BDTM: Bidirectional Detection and Traceability Mitigation of LDoS Attacks in SDN
Authors: Xiaopu Ma; Xiancong Li; Yingyan He; Qinglei Qi; He Li
Journal: IEEE Transactions on Information Forensics and Security, vol. 20, pp. 6826-6839 (Journal Article; impact factor 8.0; JCR Q1, Computer Science, Theory & Methods)
Publication date: 2025-06-30
DOI: 10.1109/TIFS.2025.3584638
URL: https://ieeexplore.ieee.org/document/11059938/
Although Software-Defined Networking (SDN) introduces architectural innovations, it retains fundamental network properties. As a result, Low-rate Denial of Service (LDoS) attacks, which exploit bottleneck links and TCP congestion control mechanisms, still pose a serious threat to SDN. Currently, to accurately detect LDoS attacks at lower average attack rates, many methods focus on extracting and analyzing single-dimensional features. However, these methods are often complex and offer only limited improvements in detection accuracy. Moreover, critical security vulnerabilities in mainstream mitigation strategies highlight their inability to ensure long-term stability. To this end, we propose BDTM, a cross-dimensional bidirectional detection and traceability mitigation scheme. Through attack parameter estimation with a precision of 0.1s, BDTM achieves precise detection of LDoS attacks that incorporate IP spoofing. In terms of mitigation, we have identified, verified, and resolved critical vulnerabilities in existing mainstream mitigation strategies for the first time. Upon detecting an attack, BDTM rapidly mitigates the ongoing anomaly while performing reverse-flow tracing to pinpoint the attacking host. Ultimately, BDTM enforces port-level isolation targeting the attacker rather than the attack flows, ensuring more effective and comprehensive mitigation. Experimental results demonstrate that BDTM achieves a high detection accuracy of 98.85%, with an average response time of just 5.67s when performing attack traceability.
About the journal:
The IEEE Transactions on Information Forensics and Security covers the sciences, technologies, and applications relating to information forensics, information security, biometrics, surveillance, and systems applications that incorporate these features.