Loading [MathJax]/extensions/MathZoom.js
An End-to-end Online DDoS Mitigation Scheme for Network Forwarding Devices | IEEE Conference Publication | IEEE Xplore

An End-to-end Online DDoS Mitigation Scheme for Network Forwarding Devices


Abstract:

The past decade has witnessed continuous development of IoT, 5G, and AI technologies, which have driven explosive growth in network bandwidth. The scale and frequency of ...Show More

Abstract:

The past decade has witnessed continuous development of IoT, 5G, and AI technologies, which have driven explosive growth in network bandwidth. The scale and frequency of DDoS (Distributed Denial of Service) attacks are also increasing. In order to expand the scope of attacks, some hackers even targeted the network infrastructures. In this context, the security of network forwarding devices has become a concern. DDoS attacks on network forwarding devices cannot be mitigated by traffic diversion and scrubbing. However, mitigation on-premises faces many problems, including insufficient bandwidth of the channel between the forwarding plane and the control plane, limited computing resources, selection of blocking mode, and a short response window. This paper proposes an adaptive-granularity Attack tRaffic bEhavior Aggregation algorithm - namely AREA - to detect attacks precisely, and utilizes an ACL generation technique to reduce false alarms. During a DDoS attack, the attacker sources are automatically analyzed to implement mitigation. Experiments show the ability of the proposed method to automatically block DDoS attacks with high accuracy, high recall rate, and little false negative rate in an end-to-end manner. Therefore, network forwarding devices remain highly available even during attacks.
Date of Conference: 12-14 April 2024
Date Added to IEEE Xplore: 03 June 2024
ISBN Information:
Conference Location: Chengdu, China

References

References is not available for this document.