RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing

Bibliographic Details
Main Authors: Wang, Wen, Zhu, Shuyong, Wu, Zhiyuan, Lu, Lu, Li, Zhiqiang, Yang, Hongwei, Zhang, Yujun
Format: Conference Proceeding
Language: English
Description
Summary: Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attack detection schemes based on in-network computing struggle to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attack scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP addresses to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches, and results show that our proposed method significantly outperforms the state of the art or has equivalent accuracy in low-rate and high-rate DDoS attack scenarios.
ISSN: 1938-1883
DOI: 10.1109/ICC51166.2024.10622656