Litcius/Paper detail

A Low-Rate DoS Attack Mitigation Scheme Based on Port and Traffic State in SDN

Dan Tang, Rui Dai, Chenguang Zuo, Jingwen Chen, Keqin Li, Zheng Qin

2025IEEE Transactions on Computers39 citationsDOI

Abstract

Low-rate Denial of Service (DoS) attacks can significantly compromise network availability and are difficult to detect and mitigate due to their stealthy exploitation of flaws in congestion control mechanisms. Software-Defined Networking (SDN) is a revolutionary architecture that decouples network control from packet forwarding, emerging as a promising solution for defending against low-rate DoS attacks. In this paper, we propose Trident, a low-rate DoS attack mitigation scheme based on port and traffic state in SDN. Specifically, we design a multi-step strategy to monitor switch states. First, Trident identifies switches suspected of suffering from low-rate DoS attacks through port state detection. Then, it monitors the traffic state of switches with abnormal port states. Once a switch is identified as suffering from an attack, Trident analyzes the flow information to pinpoint the malicious flow. Finally, Trident issues rules to the switch's flow table to block the malicious flow, effectively mitigating the attack. We prototype Trident on the Mininet platform and conduct experiments using a real-world topology to evaluate its performance. The experiments show that Trident can accurately and robustly detect low-rate DoS attacks, respond quickly to mitigate them, and maintain low overhead.

Topics & Concepts

Computer scienceScheme (mathematics)Computer networkPort (circuit theory)State (computer science)AlgorithmElectronic engineeringEngineeringMathematicsMathematical analysisSoftware-Defined Networks and 5GNetwork Security and Intrusion DetectionSmart Grid Security and Resilience