3D-PM: A ML-powered Probabilistic Detection of DDoS Attacks in P4 Switches
Mecerhed, Ferhat; Benabdallah, Amel; Zeraoulia, Khaled; Benzaid, Chafika (2023-10-02)
IEEE
02.10.2023
F. Mecerhed, A. Benabdallah, K. Zeraoulia and C. Benzaïd, "3D-PM: A ML-powered Probabilistic Detection of DDoS Attacks in P4 Switches," 2023 IEEE International Mediterranean Conference on Communications and Networking (MeditCom), Dubrovnik, Croatia, 2023, pp. 80-85, doi: 10.1109/MeditCom58224.2023.10266635
https://rightsstatements.org/vocab/InC/1.0/
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
https://rightsstatements.org/vocab/InC/1.0/
© 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
https://rightsstatements.org/vocab/InC/1.0/
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:oulu-202401181321
https://urn.fi/URN:NBN:fi:oulu-202401181321
Tiivistelmä
Abstract
The Software-Defined Networking (SDN) technology has revolutionized network management and automation, enabling more efficient and centralized controls. However, network security and availability are threatened by DDoS attacks in SDN environments. During these attacks, the network can become overwhelmed with traffic, making the controller overloaded and unresponsive. Consequently, SDN networks require effective DDoS detection and mitigation solutions. In this paper, we propose a novel approach that leverages the potential of programmable data planes and machine learning to empower intelligent DDoS detection at line-rate. Our proposal involves securing SDN networks using machine learning and programmable switches. We call this solution "Data-Plane DDoS Attack Detection Based on P4 Switches and Machine Learning" or 3D-PM. To detect flooding attacks, we considered multiple machine learning models that are trained and tested on unique datasets gathered from realistic traffic. These datasets are then balanced using a variable sampling method to ensure unbiased and robust model training. Our evaluation revealed that the Random Forest model performed exceptionally well with an accuracy of 98.95%, highlighting its effectiveness as a resource-efficient solution. 3D-PM aim to detect attacks directly at the data plane using the P4 language, relieving controller overload and allowing direct detection at the data plane.
The Software-Defined Networking (SDN) technology has revolutionized network management and automation, enabling more efficient and centralized controls. However, network security and availability are threatened by DDoS attacks in SDN environments. During these attacks, the network can become overwhelmed with traffic, making the controller overloaded and unresponsive. Consequently, SDN networks require effective DDoS detection and mitigation solutions. In this paper, we propose a novel approach that leverages the potential of programmable data planes and machine learning to empower intelligent DDoS detection at line-rate. Our proposal involves securing SDN networks using machine learning and programmable switches. We call this solution "Data-Plane DDoS Attack Detection Based on P4 Switches and Machine Learning" or 3D-PM. To detect flooding attacks, we considered multiple machine learning models that are trained and tested on unique datasets gathered from realistic traffic. These datasets are then balanced using a variable sampling method to ensure unbiased and robust model training. Our evaluation revealed that the Random Forest model performed exceptionally well with an accuracy of 98.95%, highlighting its effectiveness as a resource-efficient solution. 3D-PM aim to detect attacks directly at the data plane using the P4 language, relieving controller overload and allowing direct detection at the data plane.
Kokoelmat
- Avoin saatavuus [38865]