SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks

Abstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often resu...

Full description

Bibliographic Details
Main Authors: Mohamed Rahouti, Kaiqi Xiong, Nasir Ghani, Farooq Shaikh
Format: Article
Language:English
Published: Wiley 2021-03-01
Series:IET Networks
Online Access:https://doi.org/10.1049/ntw2.12009
id doaj-fe97fb9a8087460bbf10b7ee87856ef0
record_format Article
spelling doaj-fe97fb9a8087460bbf10b7ee87856ef02021-08-02T08:25:57ZengWileyIET Networks2047-49542047-49622021-03-01102768710.1049/ntw2.12009SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networksMohamed Rahouti0Kaiqi Xiong1Nasir Ghani2Farooq Shaikh3Department of Computer and Information Science Fordham University The Bronx New York USAFlorida Center for Cybersecurity University of South Florida Tampa Florida USAFlorida Center for Cybersecurity University of South Florida Tampa Florida USADepartment of Electrical Engineering University of South Florida Tampa Florida USAAbstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large‐scale networks and real‐time applications. For this reason, a novel and adaptive threshold‐based kernel‐level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN‐specific threats on a real‐world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment.https://doi.org/10.1049/ntw2.12009
collection DOAJ
language English
format Article
sources DOAJ
author Mohamed Rahouti
Kaiqi Xiong
Nasir Ghani
Farooq Shaikh
spellingShingle Mohamed Rahouti
Kaiqi Xiong
Nasir Ghani
Farooq Shaikh
SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
IET Networks
author_facet Mohamed Rahouti
Kaiqi Xiong
Nasir Ghani
Farooq Shaikh
author_sort Mohamed Rahouti
title SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
title_short SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
title_full SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
title_fullStr SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
title_full_unstemmed SYNGuard: Dynamic threshold‐based SYN flood attack detection and mitigation in software‐defined networks
title_sort synguard: dynamic threshold‐based syn flood attack detection and mitigation in software‐defined networks
publisher Wiley
series IET Networks
issn 2047-4954
2047-4962
publishDate 2021-03-01
description Abstract SYN flood attacks (half‐open attacks) have been proven a serious threat to software‐defined networking (SDN)‐enabled infrastructures. A variety of intrusion detection and prevention systems (IDPS) have been introduced for identifying and preventing such security threats, but they often result in significant performance overhead and response time. Therefore, those existing approaches are inflexible for large‐scale networks and real‐time applications. For this reason, a novel and adaptive threshold‐based kernel‐level intrusion detection and prevention system by leveraging SDN capabilities are proposed. The proposed systems to detect and mitigate the aforementioned threats within an SDN over widely used traditional IDPS technologies, Snort and Zeek, are comparatively examined. The approach is evaluated using a mixture of fundamental adverse attacks and SDN‐specific threats on a real‐world testbed. The experimental results demonstrate the efficacy of the mechanism to detect and mitigate SYN flood attacks within an SDN environment.
url https://doi.org/10.1049/ntw2.12009
work_keys_str_mv AT mohamedrahouti synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks
AT kaiqixiong synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks
AT nasirghani synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks
AT farooqshaikh synguarddynamicthresholdbasedsynfloodattackdetectionandmitigationinsoftwaredefinednetworks
_version_ 1721238340112482304

Similar Items