Physical Assessment of an SDN-Based Security Framework for DDoS Attack Mitigation: Introducing the SDN-SlowRate-DDoS Dataset
Slow-read Distributed Denial of Service (DDoS) attacks are complex to detect and mitigate. Although existing tools allow one to identify these attacks, these tools mainly generate alerts. However, in real scenarios, a large number of attack detection alerts will put the security workforce in a bottl...
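| Main Authors: | Noe M. Yungaicela-Naula, Cesar Vargas-Rosales, Jesus Arturo Perez-Diaz, Eduardo Jacob, Carlos Martinez-Cagnazzo |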
|---|---|
| Format: | Article |
| Language: | English |
| Published: | IEEE 2023-01-01 |
| Series: | IEEE Access |
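| Subjects: | Dataset; deep learning; slow-rate DDoS; software defined networking (SDN); intrusion detection system (IDS); intrusion prevention system (IPS) |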
| Online Access: | https://ieeexplore.ieee.org/document/10121771/ |
| _version_ | 1850246240387727360 |
|---|---|
| author | Noe M. Yungaicela-Naula; Cesar Vargas-Rosales; Jesus Arturo Perez-Diaz; Eduardo Jacob; Carlos Martinez-Cagnazzo |
| collection | DOAJ |
| description | Slow-read Distributed Denial of Service (DDoS) attacks are complex to detect and mitigate. Although existing tools allow one to identify these attacks, these tools mainly generate alerts. However, in real scenarios, a large number of attack detection alerts will put the security workforce in a bottleneck, as they will not be able to implement mitigation actions in a complete and timely manner. Furthermore, since most existing security solutions for DDoS attack mitigation are tested using datasets and simulated scenarios, their applicability to production networks could be unfeasible or ineffective due to possibly incomplete assumptions in their design. Therefore, automated security solutions against DDoS attacks are needed not only to be designed but also to be implemented and evaluated in real scenarios. This study presents a Software-Defined Networking (SDN)-based security framework, which automates the monitoring, detection, and mitigation of slow-rate DDoS attacks. The framework is implemented in a physical network that uses equipment from the European Experimental Facility Smart Networks for Industry (SN4I). The results demonstrate that the framework effectively mitigates malicious connections, with a mitigation efficiency between 91.66%–100% for different conditions of the number of attackers and victims. In addition, the SDN-SlowRate-DDoS dataset is presented, which contains multiple experiments of slow-rate DDoS attacks performed on the real testbed. The resources provided in this security dataset are useful to the scientific and industry communities in designing and testing realistic solutions for intrusion detection systems. |
| format | Article |
| id | doaj-art-67cff276d3a944e6b6c7a0141fbe978f |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2023-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-67cff276d3a944e6b6c7a0141fbe978f; 2025-08-20T01:59:14Z; eng; IEEE; IEEE Access; 2169-3536; 2023-01-01; 11; 46820; 46831; 10.1109/ACCESS.2023.3274577; 10121771; Physical Assessment of an SDN-Based Security Framework for DDoS Attack Mitigation: Introducing the SDN-SlowRate-DDoS Dataset; Noe M. Yungaicela-Naula (https://orcid.org/0000-0002-3131-0672); Cesar Vargas-Rosales (https://orcid.org/0000-0003-1770-471X); Jesus Arturo Perez-Diaz (https://orcid.org/0000-0002-7678-5487); Eduardo Jacob (https://orcid.org/0000-0001-7093-0586); Carlos Martinez-Cagnazzo; Tecnologico de Monterrey, School of Engineering and Sciences, Monterrey, Mexico; Tecnologico de Monterrey, School of Engineering and Sciences, Monterrey, Mexico; Tecnologico de Monterrey, School of Engineering and Sciences, Monterrey, Mexico; Faculty of Engineering, University of the Basque Country UPV/EHU, Bilbao, Spain; LACNIC, Technology Management, Montevideo, Uruguay; https://ieeexplore.ieee.org/document/10121771/; Dataset; deep learning; slow-rate DDoS; software defined networking (SDN); intrusion detection system (IDS); intrusion prevention system (IPS) |
| title | Physical Assessment of an SDN-Based Security Framework for DDoS Attack Mitigation: Introducing the SDN-SlowRate-DDoS Dataset |
| topic | Dataset; deep learning; slow-rate DDoS; software defined networking (SDN); intrusion detection system (IDS); intrusion prevention system (IPS) |
| url | https://ieeexplore.ieee.org/document/10121771/ |