Abstract
Mitigating distributed denial-of-service attacks can be a complex task due to the wide range of attack types, attacker adaptation, and defender constraints. We propose a defense mechanism which is largely automated and can be implemented on current software defined networking (SDN)-enabled networks. Our mechanism combines normal traffic learning, external blacklist information, and elastic capacity invocation in order to provide effective load control, filtering and service elasticity during an attack. We implement the mechanism and analyze its performance on a physical SDN testbed using a comprehensive set of real-life normal traffic traces and synthetic attack traces. The results indicate that the mechanism is effective in maintaining roughly 50% to 80% service levels even when hit by an overwhelming attack.
Original language | English |
---|---|
Title of host publication | 2015 IEEE 4th International Conference on Cloud Networking, CloudNet 2015 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 248-254 |
Number of pages | 7 |
ISBN (Print) | 9781467395014 |
DOIs | |
Publication status | Published - 2015 Nov 20 |
Event | 4th IEEE International Conference on Cloud Networking, CloudNet 2015 - Falls, Canada Duration: 2015 Oct 5 → 2015 Oct 7 |
Other
Other | 4th IEEE International Conference on Cloud Networking, CloudNet 2015 |
---|---|
Country/Territory | Canada |
City | Falls |
Period | 15/10/5 → 15/10/7 |
ASJC Scopus subject areas
- Computer Networks and Communications