P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch

Cluster Computing

Abstract

Software Defined Networks (SDNs) offer a comprehensive network view by separating the control plane from the data plane. However, SDNs are vulnerable to Distributed Denial of Service (DDoS), a dangerous attack that depletes resources and prevents service delivery. Among DDoS attacks, the HTTP slow-rate DDoS attack is particularly critical, targeting web servers with slow or incomplete requests. Significant efforts have been made in the last few years to improve DDoS attack detection in SDNs, leading to the proposal of several detection techniques. In an effort to address these current constraints, researchers have concentrated on leveraging the computational capabilities of data plane devices. Notably, in this context, Programming Protocol-independent Packet Processors (P4) have become an important technology closely linked to the data plane components of SDN. Applying new detection techniques on P4-equipped data planes has the potential to reduce the computational load on the controller. This research paper analyzes detection system components and introduces P4httpGuard, a detection mechanism that employs machine learning (ML) techniques in conjunction with P4 switches to identify slow-rate DDoS attacks within SDNs. The model uses the programmable capabilities of P4 switches to enhance detection while reducing controller computational overhead. The model has been evaluated on performance metrics such as detection time, bandwidth consumption, and CPU usage. The results from the implementation of our mechanism demonstrate a notable 60-second improvement in detection time, an 81.89% reduction in bandwidth consumption, and a 25.96% decrease in controller CPU overhead, compared to the OpenFlow method. These findings underscore the significant impact of integrating the P4 data plane and programmable targets in substantially enhancing the efficiency of slow-rate DDoS attack detection within SDN.

Data availability

Enquiries about data availability should be directed to the authors.

Funding

The authors have not disclosed any funding.

Author information

Corresponding author

Correspondence to Reza Mohammadi.

Ethics declarations

Competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Kapourchali, R.F., Mohammadi, R. & Nassiri, M. P4httpGuard: detection and prevention of slow-rate DDoS attacks using machine learning techniques in P4 switch. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04407-5

  • DOI: https://doi.org/10.1007/s10586-024-04407-5
