SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
Abstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often resu...
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Wiley
2021-03-01
|
| Series: | IET Networks |
| Subjects: | |
| Online Access: | https://doi.org/10.1049/ntw2.12009 |
| _version_ | 1811291173585682432 |
|---|---|
| author | Mohamed Rahouti Kaiqi Xiong Nasir Ghani Farooq Shaikh |
| author_facet | Mohamed Rahouti Kaiqi Xiong Nasir Ghani Farooq Shaikh |
| author_sort | Mohamed Rahouti |
| collection | DOAJ |
| description | Abstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large‐scale networks and real‐time applications. For this reason, a novel and adaptive threshold‐based kernel‐level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN‐specific threats on a real‐world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment. |
| first_indexed | 2024-04-13T04:24:33Z |
| format | Article |
| id | doaj.art-fe97fb9a8087460bbf10b7ee87856ef0 |
| institution | Directory Open Access Journal |
| issn | 2047-4954 2047-4962 |
| language | English |
| last_indexed | 2024-04-13T04:24:33Z |
| publishDate | 2021-03-01 |
| publisher | Wiley |
| record_format | Article |
| series | IET Networks |
| spelling | doaj.art-fe97fb9a8087460bbf10b7ee87856ef02022-12-22T03:02:35ZengWileyIET Networks2047-49542047-49622021-03-01102768710.1049/ntw2.12009SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networksMohamed Rahouti0Kaiqi Xiong1Nasir Ghani2Farooq Shaikh3Department of Computer and Information Science Fordham University The Bronx New York USAFlorida Center for Cybersecurity University of South Florida Tampa Florida USAFlorida Center for Cybersecurity University of South Florida Tampa Florida USADepartment of Electrical Engineering University of South Florida Tampa Florida USAAbstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large‐scale networks and real‐time applications. For this reason, a novel and adaptive threshold‐based kernel‐level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN‐specific threats on a real‐world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment.https://doi.org/10.1049/ntw2.12009Internetcomputer network securitysoftware defined networking |
| spellingShingle | Mohamed Rahouti Kaiqi Xiong Nasir Ghani Farooq Shaikh SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks IET Networks Internet computer network security software defined networking |
| title | SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks |
| title_full | SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks |
| title_fullStr | SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks |
| title_full_unstemmed | SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks |
| title_short | SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks |
| title_sort | synguard dynamic threshold based syn flood attack detection and mitigation in software defined networks |
| topic | Internet computer network security software defined networking |
| url | https://doi.org/10.1049/ntw2.12009 |
| work_keys_str_mv | AT mohamedrahouti synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks AT kaiqixiong synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks AT nasirghani synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks AT farooqshaikh synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks |