Litcius/Paper detail

Software defined network-based HTTP flooding attack defender

Reza Mohammadi, Chhagan Lal, Mauro Conti, Lokesh Sharma

2022Computers & Electrical Engineering15 citationsDOIOpen Access PDF

Abstract

In recent years, the explosive growth of the Internet has led to an increment in the number of Distributed Denial of Service (DDoS) attacks. HTTP Flooding is a critical DDoS attack that targets HTTP servers to prohibit users from receiving HTTP services. Moreover, it saturates the link bandwidth and consumes network resources. Because the attack is launched at the application layer, it is difficult to defend against it using current countermeasures such as firewall or Intrusion Prevention System (IPS). In this paper, we propose SHFD, which leverages the Software-Defined Networking (SDN) paradigm to mitigate HTTP flooding attacks. We implement SHFD as a defender module on the SDN controller to detect and mitigate the attack in the first place. Experimental results gathered from Mininet confirm that SHFD brings a significant improvement of 13% in detection time and 29% in the number of blocked malicious flows compared to the state-of-the-art approaches.

Topics & Concepts

Denial-of-service attackFirewall (physics)Flooding (psychology)Computer scienceComputer networkSoftware-defined networkingComputer securityThe InternetServerIntrusion detection systemMalwareSoftwareOperating systemEntropy (arrow of time)Charged black holePsychotherapistExtremal black holePsychologyPhysicsQuantum mechanicsNetwork Security and Intrusion DetectionSoftware-Defined Networks and 5GAdvanced Malware Detection Techniques