| Popis: |
SYN flooding and UDP flooding are common malicious attacks in networks. The attacks not only consume a large amount of network bandwidth and system resources of the target server but also cause network paralysis. To defend the network against the SYN flooding and UDP flooding, many new defense systems in software-defined networking (SDN) are proposed. However, most of the defense systems are only applicable to the attacks over a specific protocol such as TCP or UDP. In this paper, we therefore propose a widely applicable defense system in P4-based SDN. Through experiments, we show that the proposed defense system can effectively mitigate SYN flooding and UDP flooding. For the SYN flooding, the proposed system can release server's resources six times earlier than the related work after detecting the attack. For the UDP flooding, the proposed defense system can reduce the amount of malicious traffic by approximately two thirds compared to the related work. |
