<p>With the rapid development of Software-Defined Networking (SDN) technology and its large-scale deployment in scenarios such as 5G core networks and cloud data centers, network flexibility and programmability have been significantly enhanced. However, this has also introduced new threats from covert attacks. Low-Rate Denial of Service (LDoS) attacks deplete SDN control plane resources through periodic microbursts, and their low traffic volume and high realism cause traditional detection methods based on thresholds or traffic statistics to suffer from high false-negative rates, delayed responses, and other limitations. To address this challenge, this paper proposes a hierarchical two-stage (HTS) detection model for LDoS attacks. In the first stage, a lightweight statistical feature-based approach combined with a dual-threshold decision method is employed for rapid traffic classification, enabling the swift identification of potential attacks. In the second stage, a hybrid model (CNN-AGRU), integrating a 1-D Convolutional Neural Network (1-D-CNN) with an attention-based Gated Recurrent Unit (Attention-based GRU), is used for in-depth analysis of suspicious traffic, enhancing both detection accuracy and robustness. Experimental results demonstrate that the proposed model achieves detection accuracy exceeding 99% across three typical LDoS attack scenarios: UDP, TCP, and ICMP. Compared to existing methods, the model shows significant advantages in terms of detection accuracy, false alarm rate, and missed detection rate. Ablation and comparative experiments further validate its effectiveness and superiority, proving that it provides an efficient and reliable solution for LDoS attack detection in SDN environments.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

HTS: A two-stage approach for LDoS attack detection in SDN

  • Junbi Xiao,
  • Yifan Xu,
  • Yuhao Zhou

摘要

With the rapid development of Software-Defined Networking (SDN) technology and its large-scale deployment in scenarios such as 5G core networks and cloud data centers, network flexibility and programmability have been significantly enhanced. However, this has also introduced new threats from covert attacks. Low-Rate Denial of Service (LDoS) attacks deplete SDN control plane resources through periodic microbursts, and their low traffic volume and high realism cause traditional detection methods based on thresholds or traffic statistics to suffer from high false-negative rates, delayed responses, and other limitations. To address this challenge, this paper proposes a hierarchical two-stage (HTS) detection model for LDoS attacks. In the first stage, a lightweight statistical feature-based approach combined with a dual-threshold decision method is employed for rapid traffic classification, enabling the swift identification of potential attacks. In the second stage, a hybrid model (CNN-AGRU), integrating a 1-D Convolutional Neural Network (1-D-CNN) with an attention-based Gated Recurrent Unit (Attention-based GRU), is used for in-depth analysis of suspicious traffic, enhancing both detection accuracy and robustness. Experimental results demonstrate that the proposed model achieves detection accuracy exceeding 99% across three typical LDoS attack scenarios: UDP, TCP, and ICMP. Compared to existing methods, the model shows significant advantages in terms of detection accuracy, false alarm rate, and missed detection rate. Ablation and comparative experiments further validate its effectiveness and superiority, proving that it provides an efficient and reliable solution for LDoS attack detection in SDN environments.