TY - GEN
T1 - A sliding window based monitoring scheme to detect and prevent ddos attack in data center networks in a dynamic traffic environment
AU - Maswood, Mirza Mohd Shahriar
AU - Mamun, Md Mainul Islam
AU - Huang, Dijiang
AU - Medhi, Deep
N1 - Funding Information:
Acknowledgement: This work is partially supported by National Science Foundation Grant # 1526299.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - Distributed Denial of Service (DDoS) attack is the most common type of attack faced by today's data centers (DC). Such attacks can have a devastating impact on the system as it consumes resources like network bandwidth, hard disk storage, and CPU processing resources. As a consequence, the legitimate customers face more service blocking due to a major portion of the resources being occupied by the illegitimate traffic generated by the attackers. In this paper, we proposed a novel monitoring scheme based on the sliding window to detect and prevent the DDoS attack in DCs that serve enterprise customers that has low computational complexity. Compared to a benchmark scheme (without attack monitoring and preventing), our scheme ensures service provisioning for the legitimate customers with no false alarm. We also measure the robustness of our scheme in terms of the time taken to detect and prevent attack traffic by varying the traffic intensities of illegitimate traffic. Simulation results show that our scheme can successfully detect the attack even if the attack traffic intensity is not too much higher than the projected legitimate traffic intensity.
AB - Distributed Denial of Service (DDoS) attack is the most common type of attack faced by today's data centers (DC). Such attacks can have a devastating impact on the system as it consumes resources like network bandwidth, hard disk storage, and CPU processing resources. As a consequence, the legitimate customers face more service blocking due to a major portion of the resources being occupied by the illegitimate traffic generated by the attackers. In this paper, we proposed a novel monitoring scheme based on the sliding window to detect and prevent the DDoS attack in DCs that serve enterprise customers that has low computational complexity. Compared to a benchmark scheme (without attack monitoring and preventing), our scheme ensures service provisioning for the legitimate customers with no false alarm. We also measure the robustness of our scheme in terms of the time taken to detect and prevent attack traffic by varying the traffic intensities of illegitimate traffic. Simulation results show that our scheme can successfully detect the attack even if the attack traffic intensity is not too much higher than the projected legitimate traffic intensity.
KW - Data Center Networks
KW - Distributed Denial of Service Attack
KW - Dynamic Traffic Engineering
KW - Service Blocking
UR - http://www.scopus.com/inward/record.url?scp=85067109539&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85067109539&partnerID=8YFLogxK
U2 - 10.1109/SARNOF.2018.8720399
DO - 10.1109/SARNOF.2018.8720399
M3 - Conference contribution
AN - SCOPUS:85067109539
T3 - 2018 IEEE 39th Sarnoff Symposium, Sarnoff 2018
BT - 2018 IEEE 39th Sarnoff Symposium, Sarnoff 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 39th IEEE Sarnoff Symposium, Sarnoff 2018
Y2 - 24 September 2018 through 25 September 2018
ER -