Bungee-ML: A Cross-Plane Approach for a Collaborative Defense Against DDoS Attacks

Journal of Network and Systems Management

Abstract

Network services and applications are targeted by different types of attacks on a daily basis. One of the most common and devastating types is Distributed Denial of Service (DDoS) attacks. Considering the emergence of data plane programmability, in this paper, we propose Bungee-ML, an innovative, hybrid approach that combines the fast processing speed of the data plane and the high capacity and intelligence of the control plane to mitigate DDoS attacks. Bungee-ML continuously monitors traffic at the data plane to detect traffic anomalies and supplies machine learning models (running in the control plane) with inputs to perform in-depth traffic analysis. We refer to this as vertical cooperation. Additionally, our approach progressively pushes back malicious traffic farther away from the victim through horizontal mitigation coordination between forwarding devices. Our evaluation of a P4-built prototype demonstrates that Bungee-ML is highly accurate in identifying and mitigating sources of attack due to the vertical cooperation and has a low resource footprint. Furthermore, our pushback strategy saves network bandwidth by mitigating non-legitimate traffic closer to its sources.

Funding

This study was financed in part by Coordenação de Aperfeiçoamento de Pessoal de Nível Superior−Brasil (CAPES)—Finance Code 001, Fundação de Amparo à Pesquisa do Estado do Rio Grande do Sul (FAPERGS), Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq), FAPESP—Brazil (15/24494-8), and Project “Red Temática Ciencia y Tecnología para el Desarrollo (CYTED)” by the Ibero-American Science and Technology Program for Development (under the Grant CYTED 519RT0580).

Author information

Contributions

Conceptualization: LAQG, LC, JAM, ASF, LPG; Formal Analysis: LAQG; Funding acquisition: ASF, LPG; Investigation: LAQG, LC; Methodology: LAQG, LC, JAM, ASF, LPG; Project administration: ASF, LPG; Software: LAQG, LC, JAM; Supervision: ASF, LPG; Visualization: LAQG, LC, JAM, ASF, LPG; Writing - original draft: LAQG, LC, JAM, ASF, LPG; Writing - review & editing: LAQG, LC, JAM, ASF, LPG.

Corresponding author

Correspondence to Jonatas A. Marques.

Ethics declarations

Conflict of interest

No competing interests present.

Ethical Approval

Not applicable to this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Quintero González, L.A., Castanheira, L., Marques, J.A. et al. Bungee-ML: A Cross-Plane Approach for a Collaborative Defense Against DDoS Attacks. J Netw Syst Manage 31, 77 (2023). https://doi.org/10.1007/s10922-023-09769-6

  • DOI: https://doi.org/10.1007/s10922-023-09769-6
