Detection and prevention of slow-rate DDoS attacks on HTTP protocol in P4-based software defined networks using machine learning techniques

Article Type:
Research/Original Article (no valid ranking)
Abstract:

SDN architecture has become popular because of the abstract view that it provides. Because SDN relies on a centralized network controller, most of the processing load falls on the controller. This centralized controller has made the architecture an attractive target for DDoS attacks. Over the past few decades, many detection methods have been proposed; but with the increased traffic and complexity of DDoS attacks, researchers have aimed to utilize the processing power of the data plane. One of the most effective methods that has been proposed is P4 technology. With P4, the processing power of data plane devices can be used in the detection and prevention of DDoS attacks on SDN, which reduces controller overhead and makes data plane devices more flexible. In this research, we propose a detection and prevention model that uses machine learning techniques together with P4 switches to detect slow-rate DDoS attacks on SDN. The ONOS controller was used to implement this model. The goal of the model is to use programmable P4 switches in the detection procedure in order to minimize controller overhead. Extracting feature values for the machine learning models imposes processing overhead on the controller, but implementing this procedure on P4 switches in the data plane, with packets processed locally in the switch, minimizes that overhead. The proposed model was analyzed in terms of detection time, bandwidth consumption and CPU utilization of the controller. Compared to normal SDN, the results show about a 60-second improvement in detection time and about 50% less overhead in bandwidth consumption and CPU utilization for the proposed method. The results show that implementing a P4 data plane, by programming the data plane devices, has a significant effect on the detection of slow-rate DDoS attacks and on the processing load of the controller in SDN.

Language:
Persian
Published:
Distributed computing and Distributed systems, Volume: 5, Issue: 2, 2023
Pages:
23 to 42
https://magiran.com/p2635518