SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

Artigo Acesso aberto Revisado por pares

SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

2021; Volume: 10; Issue: 2 Linguagem: Inglês

10.1049/ntw2.12009

ISSN

2047-4962

Autores

Mohamed Rahouti, Kaiqi Xiong, Nasir Ghani, Mohd. Farooq Shaikh,

Tópico(s)

Advanced Malware Detection Techniques

Resumo

SYN flood attacks (half-open attacks) have been proven a serious threat to software-defined networking (SDN)-enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large-scale networks and real-time applications. For this reason, a novel and adaptive threshold-based kernel-level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN-specific threats on a real-world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks