In-Network SYN Flooding DDoS Attack Detection Utilizing P4 Switches

DSpace Repository


Dokumentart: ConferencePaper
Date: 2022-04-07
Language: English
Faculty: 7 Mathematisch-Naturwissenschaftliche Fakultät
Department: Informatik
DDC Classifikation: 004 - Data processing and computer science
Show full item record


With the rapid development of Internet applications, the demand for reliable online services similarly increases. However, Distributed Denial-of-Service (DDoS) attacks disrupt the accessibility and the availability of online services. Therefore, DDoS detection and mitigation are crucial tasks to achieve high service availability. In this paper, we propose a novel in-network detection scheme for SYN flooding, the most prevalent type of DDoS attacks. By relocating the attack detection from a centralized controller to programmable P4 switches, the detection time is reduced, and the workload is distributed in the network. Extending passive classification methods, we propose an active detection mechanism, identifying SYN flooding DDoS attacks by selective packet dropping. By this, we expect more accurate detections compared to the state-of-the-art under congested network conditions.

This item appears in the following Collection(s)