Abstract
Software Defined Networks (SDNs) offer a comprehensive network view by separating the control plane from the data plane. However, SDNs are vulnerable to Distributed Denial of Service (DDoS) attacks, which deplete resources and prevent service delivery. Among DDoS attacks, the HTTP slow-rate DDoS attack is particularly critical, targeting web servers with slow or incomplete requests. Significant efforts have been made in the last few years to improve DDoS attack detection in SDNs, leading to the proposal of several detection techniques. In an effort to address these current constraints, scientists have concentrated on leveraging the computational capabilities of data plane devices. Notably, in this context, Programming Protocol-independent Packet Processors (P4) has become an important technology closely linked to the data plane components of SDN. Applying new detection techniques on P4-equipped data planes has the potential to reduce the computational load on the controller. This research paper analyzes detection system components and introduces P4httpGuard, a detection mechanism that employs machine learning (ML) techniques in conjunction with P4 switches to identify slow-rate DDoS attacks within SDNs. The model uses the programmable capabilities of P4 switches to enhance detection while reducing controller computational overhead. The model has been evaluated on performance metrics such as detection time, bandwidth consumption, and CPU usage. The results from the implementation of our mechanism demonstrate a notable 60-second improvement in detection time, an 81.89% reduction in bandwidth consumption, and a 25.96% decrease in controller CPU overhead, compared to the OpenFlow method. These findings underscore the significant impact of integrating the P4 data plane and programmable targets in substantially enhancing the efficiency of slow-rate DDoS attack detection within SDN.
Data availability
Enquiries about data availability should be directed to the authors.
Funding
The authors have not disclosed any funding.
Ethics declarations
Competing interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
About this article
Cite this article
Kapourchali, R.F., Mohammadi, R. & Nassiri, M. P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04407-5