2 research outputs found
Mitigation of Flooding and Slow DDoS Attacks in a Software-Defined Network
Distributed denial of service (DDoS) attacks are a constant threat for
services in the Internet. This year, the record for the largest DDoS attack
ever observed was set at 1.7 Tbps. Meanwhile, detection and mitigation
mechanisms are still lagging behind. Many mitigation systems require the
assistance of the victim - or the victim's administrator themself has to become
active to mitigate attacks. We introduced a system that can detect attacks,
identify attackers, and mitigate the attacks purely within the network
infrastructure. With the improved flexibility of software-defined networks, new
possibilities to mitigate such attacks can be implemented. In addition to our
short paper on the mitigation of reflective DDoS attacks at LCN 2018, we would
also like to demonstrate our work on mitigating flooding attacks presented at LCN
2017 and our mitigation of slow DDoS attacks. In our demo, we show how these
systems can be combined and how they work when faced with such different
attacks.
Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-learning based Defense Framework
Software Defined Networking (SDN) enables flexible and scalable network
control and management. However, it also introduces new vulnerabilities that
can be exploited by attackers. In particular, low-rate and slow or stealthy
Denial-of-Service (DoS) attacks are recently attracting attention from
researchers because of their detection challenges. In this paper, we propose a
novel machine learning based defense framework named Q-MIND, to effectively
detect and mitigate stealthy DoS attacks in SDN-based networks. We first
analyze the adversary model of stealthy DoS attacks, the related
vulnerabilities in SDN-based networks and the key characteristics of stealthy
DoS attacks. Next, we describe and analyze an anomaly detection system that
uses a Reinforcement Learning-based approach based on Q-Learning in order to
maximize its detection performance. Finally, we outline the complete Q-MIND
defense framework that incorporates the optimal policy derived from the
Q-Learning agent to efficiently defeat stealthy DoS attacks in SDN-based
networks. An extensive comparison of the Q-MIND framework and currently
existing methods shows that significant improvements in attack detection and
mitigation performance are obtained by Q-MIND.
Comment: This paper has been accepted for publication in IEEE GLOBECOM
conference 201