The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a non-commercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, not withstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.

In-Network SYN Flooding DDoS Attack Detection Utilizing P4 Switches

Key:GAZ+22
Author:Pegah Golchin, Leonard Anderweit, Julian Zobel, Ralf Kundel, Ralf Steinmetz
Date:April 2022
Kind:In proceedings - use for conference & workshop papers
Publisher: In: Proceedings of the 3rd KuVS Fachgespraech “Network Softwarization”
Abstract:Abstract—With the rapid development of Internet applications, the demand for reliable online services similarly increases. However, Distributed Denial-of-Service (DDoS) attacks disrupt the accessibility and the availability of online services. Therefore, DDoS detection and mitigation are crucial tasks to achieve high service availability. In this paper, we propose a novel in-network detection scheme for SYN flooding, the most prevalent type of DDoS attacks. By relocating the attack detection from a centralized controller to programmable P4 switches, the detection time is reduced, and the workload is distributed in the network. Extending passive classification methods, we propose an active detection mechanism, identifying SYN flooding DDoS attacks by selective packet dropping. By this, we expect more accurate detections compared to the state-of-the-art under congested network conditions. Index Terms—SYN flooding attack, DDoS attack, SDN, P4
Full paper (pdf)

[Export this entry to BibTeX]

[back]