Abstract
Network services and applications are targeted by different types of attacks on a daily basis. One of the most common and devastating types is Distributed Denial of Service (DDoS) attacks. Considering the emergence of data plane programmability, in this paper, we propose Bungee-ML, an innovative, hybrid approach that combines the fast processing speed of the data plane and the high capacity and intelligence of the control plane to mitigate DDoS attacks. Bungee-ML continuously monitors traffic at the data plane to detect traffic anomalies and supplies machine learning models (running in the control plane) with inputs to perform in-depth traffic analysis. We refer to this as vertical cooperation. Additionally, our approach progressively pushes back malicious traffic farther away from the victim through horizontal mitigation coordination between forwarding devices. Our evaluation of a P4-built prototype demonstrates that Bungee-ML is highly accurate in identifying and mitigating sources of attack due to the vertical cooperation and has a low resource footprint. Furthermore, our pushback strategy saves network bandwidth by mitigating non-legitimate traffic closer to its sources.
Funding
This study was financed in part by Coordenação de Aperfeiçoamento de Pessoal de Nível Superior−Brasil (CAPES)—Finance Code 001, Fundação de Amparo à Pesquisa do Estado do Rio Grande do Sul (FAPERGS), Conselho Nacional de Desenvolvimento Científico e Tecnológico (CNPq), FAPESP—Brazil (15/24494-8), and Project “Red Temática Ciencia y Tecnología para el Desarrollo (CYTED)” by the Ibero-American Science and Technology Program for Development (under the Grant CYTED 519RT0580).
Author information
Contributions
Conceptualization: LAQG, LC, JAM, ASF, LPG; Formal Analysis: LAQG; Funding acquisition: ASF, LPG; Investigation: LAQG, LC; Methodology: LAQG, LC, JAM, ASF, LPG; Project administration: ASF, LPG; Software: LAQG, LC, JAM; Supervision: ASF, LPG; Visualization: LAQG, LC, JAM, ASF, LPG; Writing - original draft: LAQG, LC, JAM, ASF, LPG; Writing - review & editing: LAQG, LC, JAM, ASF, LPG.
Ethics declarations
Conflict of interest
No competing interests present.
Ethical Approval
Not applicable to this article.
About this article
Cite this article
Quintero González, L.A., Castanheira, L., Marques, J.A. et al. Bungee-ML: A Cross-Plane Approach for a Collaborative Defense Against DDoS Attacks. J Netw Syst Manage 31, 77 (2023). https://doi.org/10.1007/s10922-023-09769-6
DOI: https://doi.org/10.1007/s10922-023-09769-6