SAFE: EFFICIENT DDOS ATTACK DEFENSE WITH ELASTIC TRAFFIC FLOW INSPECTION IN SDN-BASED DATA CENTERS

Tri Gia Nguyen; Hai Hoang Nguyen; Trung Phan

doi:10.15625/1813-9663/16629

SAFE: EFFICIENT DDOS ATTACK DEFENSE WITH ELASTIC TRAFFIC FLOW INSPECTION IN SDN-BASED DATA CENTERS

Tri Gia Nguyen, Hai Hoang Nguyen, Trung V. Phan

Author affiliations

Authors

Tri Gia Nguyen FPT University, Ha Noi, Viet Nam
Hai Hoang Nguyen Vietnam - Korea University of Information and Communication Technology, The University of Danang
Trung V. Phan Chair of Communication Networks, 09126 Chemnitz, Germany

DOI:

https://doi.org/10.15625/1813-9663/16629

Keywords:

Traffic flow inspection;, Distributed denial-of-service attacks;, Software-defined networking;, Data centers.

Abstract

In this paper, we propose an efficient distributed denial-of-Service (DDoS) Attack deFEnse solution, namely SAFE, which utilizes an elastic traffic flow inspection mechanism, for Software-Defined Networking (SDN) based data centers. In particular, we first examine a leaf-spine SDN-based data center network, which is highly vulnerable to volumetric DDoS attacks. Next, we develop a rank-based anomaly detection algorithm to recognize anomalies in the amount of incoming traffic. Then, for the traffic flow inspection, we introduce a component called DFI (Deep Flow Inspection) running an Open vSwitch (OvS) that can be dynamically initiated (as a virtual machine) on-demand to collect traffic flow statistics. By utilizing deep reinforcement learning-based traffic monitoring from our previous study, the DFIs can be protected from the flow-table overflow problem while providing more detailed traffic flow information. Afterward, a machine learning-based attack detector analyzes the gathered flow rule statistics to identify the attack, and appropriate policies are implemented if an attack is recognized. The experiment results show that the SAFE can effectively defend against volumetric DDoS attacks while assuring a reliable Quality-of-Service level for benign traffic flows in SDN-based data center networks. Specifically, for TCP SYN and UDP floods, the SAFE attack detection performance is improved by approximately 40% and 30%, respectively, compared to the existing SATA solution. Furthermore, the attack mitigation performance, the ratio of dropped malicious packets obtained by the SAFE is superior by approximately 48% (for TCP SYN flood) and 52% (for UDP flood) to the SATA.

Metrics

Metrics Loading ...

Downloads

Published

03-03-2023

How to Cite

[1]

T. G. Nguyen, H. Hoang Nguyen, and T. Phan, “SAFE: EFFICIENT DDOS ATTACK DEFENSE WITH ELASTIC TRAFFIC FLOW INSPECTION IN SDN-BASED DATA CENTERS”, JCC, vol. 39, no. 1, p. 17–32, Mar. 2023.

Download Citation

Issue

Vol. 39 No. 1 (2023)

Section

Articles

License

1. We hereby assign copyright of our article (the Work) in all forms of media, whether now known or hereafter developed, to the Journal of Computer Science and Cybernetics. We understand that the Journal of Computer Science and Cybernetics will act on my/our behalf to publish, reproduce, distribute and transmit the Work.
2. This assignment of copyright to the Journal of Computer Science and Cybernetics is done so on the understanding that permission from the Journal of Computer Science and Cybernetics is not required for me/us to reproduce, republish or distribute copies of the Work in whole or in part. We will ensure that all such copies carry a notice of copyright ownership and reference to the original journal publication.
3. We warrant that the Work is our results and has not been published before in its current or a substantially similar form and is not under consideration for another publication, does not contain any unlawful statements and does not infringe any existing copyright.
4. We also warrant that We have obtained the necessary permission from the copyright holder/s to reproduce in the article any materials including tables, diagrams or photographs not owned by me/us.