RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing

Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, e...

Full description

Saved in:
Bibliographic Details
Main Authors: Wang, Wen, Zhu, Shuyong, Wu, Zhiyuan, Lu, Lu, Li, Zhiqiang, Yang, Hongwei, Zhang, Yujun
Format: Conference Proceeding
Language:English
Subjects:
Accuracy
DDoS detection
Denial-of-service attack
Fluctuations
in-network computing
programmable switch
Prototypes
Real-time systems
Switches
Telecommunication traffic
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by
cites
container_end_page 3321
container_issue
container_start_page 3316
container_title
container_volume
creator Wang, Wen
Zhu, Shuyong
Wu, Zhiyuan
Lu, Lu
Li, Zhiqiang
Yang, Hongwei
Zhang, Yujun
description Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attacks detection schemes based on in-network computing are difficult to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attacks scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP address to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches and results show that our proposed method significantly outperforms the state-of-the-art or has equivalent accuracy in low-rate and highrate DDoS attacks scenarios.
doi_str_mv 10.1109/ICC51166.2024.10622656
format conference_proceeding
fullrecord <record><control><sourceid>ieee_CHZPO</sourceid><recordid>TN_cdi_ieee_primary_10622656</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>10622656</ieee_id><sourcerecordid>10622656</sourcerecordid><originalsourceid>FETCH-ieee_primary_106226563</originalsourceid><addsrcrecordid>eNqFjrtuwjAUQA1SpfL6g6q6P5Dg6xBjd0vjVjDAAKgrspILmJIYOUZV_74d2pnpHOksh7Fn5Cki19NlWeaIUqaCi1mKXAohc9ljEz1XOBcKNc9nus8GqDOVoFLZIxt23ZnzXOgMB-xjUxjzAgVsyF6SnWsIbFtDUVW3YCPBiuLJ13DwAYzxWzAUqYrOt_BqO6rhV5Ztsqb45cMnlL653qJrj2P2cLCXjiZ_HLGn97dduUgcEe2vwTU2fO__f7M7-Qcpz0GN</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing</title><source>IEEE Xplore All Conference Series</source><creator>Wang, Wen ; Zhu, Shuyong ; Wu, Zhiyuan ; Lu, Lu ; Li, Zhiqiang ; Yang, Hongwei ; Zhang, Yujun</creator><creatorcontrib>Wang, Wen ; Zhu, Shuyong ; Wu, Zhiyuan ; Lu, Lu ; Li, Zhiqiang ; Yang, Hongwei ; Zhang, Yujun</creatorcontrib><description>Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attacks detection schemes based on in-network computing are difficult to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attacks scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP address to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches and results show that our proposed method significantly outperforms the state-of-the-art or has equivalent accuracy in low-rate and highrate DDoS attacks scenarios.</description><identifier>EISSN: 1938-1883</identifier><identifier>EISBN: 9781728190549</identifier><identifier>EISBN: 1728190541</identifier><identifier>DOI: 10.1109/ICC51166.2024.10622656</identifier><language>eng</language><publisher>IEEE</publisher><subject>Accuracy ; DDoS detection ; Denial-of-service attack ; Fluctuations ; in-network computing ; programmable switch ; Prototypes ; Real-time systems ; Switches ; Telecommunication traffic</subject><ispartof>ICC 2024 - IEEE International Conference on Communications, 2024, p.3316-3321</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/10622656$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,777,781,786,787,27906,54536,54913</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/10622656$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Wang, Wen</creatorcontrib><creatorcontrib>Zhu, Shuyong</creatorcontrib><creatorcontrib>Wu, Zhiyuan</creatorcontrib><creatorcontrib>Lu, Lu</creatorcontrib><creatorcontrib>Li, Zhiqiang</creatorcontrib><creatorcontrib>Yang, Hongwei</creatorcontrib><creatorcontrib>Zhang, Yujun</creatorcontrib><title>RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing</title><title>ICC 2024 - IEEE International Conference on Communications</title><addtitle>ICC</addtitle><description>Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attacks detection schemes based on in-network computing are difficult to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attacks scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP address to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches and results show that our proposed method significantly outperforms the state-of-the-art or has equivalent accuracy in low-rate and highrate DDoS attacks scenarios.</description><subject>Accuracy</subject><subject>DDoS detection</subject><subject>Denial-of-service attack</subject><subject>Fluctuations</subject><subject>in-network computing</subject><subject>programmable switch</subject><subject>Prototypes</subject><subject>Real-time systems</subject><subject>Switches</subject><subject>Telecommunication traffic</subject><issn>1938-1883</issn><isbn>9781728190549</isbn><isbn>1728190541</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2024</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><recordid>eNqFjrtuwjAUQA1SpfL6g6q6P5Dg6xBjd0vjVjDAAKgrspILmJIYOUZV_74d2pnpHOksh7Fn5Cki19NlWeaIUqaCi1mKXAohc9ljEz1XOBcKNc9nus8GqDOVoFLZIxt23ZnzXOgMB-xjUxjzAgVsyF6SnWsIbFtDUVW3YCPBiuLJ13DwAYzxWzAUqYrOt_BqO6rhV5Ztsqb45cMnlL653qJrj2P2cLCXjiZ_HLGn97dduUgcEe2vwTU2fO__f7M7-Qcpz0GN</recordid><startdate>20240609</startdate><enddate>20240609</enddate><creator>Wang, Wen</creator><creator>Zhu, Shuyong</creator><creator>Wu, Zhiyuan</creator><creator>Lu, Lu</creator><creator>Li, Zhiqiang</creator><creator>Yang, Hongwei</creator><creator>Zhang, Yujun</creator><general>IEEE</general><scope>6IE</scope><scope>6IH</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIO</scope></search><sort><creationdate>20240609</creationdate><title>RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing</title><author>Wang, Wen ; Zhu, Shuyong ; Wu, Zhiyuan ; Lu, Lu ; Li, Zhiqiang ; Yang, Hongwei ; Zhang, Yujun</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-ieee_primary_106226563</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Accuracy</topic><topic>DDoS detection</topic><topic>Denial-of-service attack</topic><topic>Fluctuations</topic><topic>in-network computing</topic><topic>programmable switch</topic><topic>Prototypes</topic><topic>Real-time systems</topic><topic>Switches</topic><topic>Telecommunication traffic</topic><toplevel>online_resources</toplevel><creatorcontrib>Wang, Wen</creatorcontrib><creatorcontrib>Zhu, Shuyong</creatorcontrib><creatorcontrib>Wu, Zhiyuan</creatorcontrib><creatorcontrib>Lu, Lu</creatorcontrib><creatorcontrib>Li, Zhiqiang</creatorcontrib><creatorcontrib>Yang, Hongwei</creatorcontrib><creatorcontrib>Zhang, Yujun</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan (POP) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Xplore</collection><collection>IEEE Proceedings Order Plans (POP) 1998-present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Wang, Wen</au><au>Zhu, Shuyong</au><au>Wu, Zhiyuan</au><au>Lu, Lu</au><au>Li, Zhiqiang</au><au>Yang, Hongwei</au><au>Zhang, Yujun</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing</atitle><btitle>ICC 2024 - IEEE International Conference on Communications</btitle><stitle>ICC</stitle><date>2024-06-09</date><risdate>2024</risdate><spage>3316</spage><epage>3321</epage><pages>3316-3321</pages><eissn>1938-1883</eissn><eisbn>9781728190549</eisbn><eisbn>1728190541</eisbn><abstract>Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attacks detection schemes based on in-network computing are difficult to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attacks scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP address to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches and results show that our proposed method significantly outperforms the state-of-the-art or has equivalent accuracy in low-rate and highrate DDoS attacks scenarios.</abstract><pub>IEEE</pub><doi>10.1109/ICC51166.2024.10622656</doi></addata></record>
fulltext fulltext_linktorsrc
identifier EISSN: 1938-1883
ispartof ICC 2024 - IEEE International Conference on Communications, 2024, p.3316-3321
issn 1938-1883
language eng
recordid cdi_ieee_primary_10622656
source IEEE Xplore All Conference Series
subjects Accuracy
DDoS detection
Denial-of-service attack
Fluctuations
in-network computing
programmable switch
Prototypes
Real-time systems
Switches
Telecommunication traffic
title RADD: A Real-Time and Accurate Method for DDoS Detection Based on In-Network Computing
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-20T01%3A08%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_CHZPO&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=RADD:%20A%20Real-Time%20and%20Accurate%20Method%20for%20DDoS%20Detection%20Based%20on%20In-Network%20Computing&rft.btitle=ICC%202024%20-%20IEEE%20International%20Conference%20on%20Communications&rft.au=Wang,%20Wen&rft.date=2024-06-09&rft.spage=3316&rft.epage=3321&rft.pages=3316-3321&rft.eissn=1938-1883&rft_id=info:doi/10.1109/ICC51166.2024.10622656&rft.eisbn=9781728190549&rft.eisbn_list=1728190541&rft_dat=%3Cieee_CHZPO%3E10622656%3C/ieee_CHZPO%3E%3Cgrp_id%3Ecdi_FETCH-ieee_primary_106226563%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=10622656&rfr_iscdi=true