IEEE Access (Jan 2023)
Physical Assessment of an SDN-Based Security Framework for DDoS Attack Mitigation: Introducing the SDN-SlowRate-DDoS Dataset
Abstract
Slow-read Distributed Denial of Service (DDoS) attacks are complex to detect and mitigate. Although existing tools can identify these attacks, they mainly generate alerts. In real scenarios, however, a large number of attack detection alerts creates a bottleneck for the security workforce, who cannot implement mitigation actions in a complete and timely manner. Furthermore, since most existing security solutions for DDoS attack mitigation are tested using datasets and simulated scenarios, applying them to production networks could be unfeasible or ineffective due to possibly incomplete assumptions in their design. Therefore, automated security solutions against DDoS attacks need not only to be designed but also to be implemented and evaluated in real scenarios. This study presents a Software-Defined Networking (SDN)-based security framework, which automates the monitoring, detection, and mitigation of slow-rate DDoS attacks. The framework is implemented in a physical network that uses equipment from the European Experimental Facility Smart Networks for Industry (SN4I). The results demonstrate that the framework effectively mitigates malicious connections, with a mitigation efficiency between 91.66% and 100% for different numbers of attackers and victims. In addition, the SDN-SlowRate-DDoS dataset is presented, which contains multiple experiments of slow-rate DDoS attacks performed on the real testbed. The resources provided in this security dataset are useful to the scientific and industry communities in designing and testing realistic solutions for intrusion detection systems.
Keywords