TY - JOUR
T1 - SmartDefense
T2 - A distributed deep defense against DDoS attacks with edge computing
AU - Myneni, Sowmya
AU - Chowdhary, Ankur
AU - Huang, Dijiang
AU - Alshamrani, Adel
N1 - Funding Information:
Dr. Dijiang Huang received his B.S. degree from Beijing University of Posts and Telecommunications, Beijing, China, and the M.S. and Ph.D. degrees from the University of Missouri Kansas City, Kansas City, MO, USA, in 1995, 2001, and 2004, respectively. He is an Associate Professor with the School of Computing Informatics and Decision System Engineering, Arizona State University, Tempe, AZ, USA. His research interests include computer networking, security, and privacy. He is an Associate Editor of the Journal of Network and System Management (JNSM) and an Editor of the IEEE COMMUNICATIONS SURVEYS AND TUTORIALS. He has served as an organizer for many international conferences and workshops. His research was supported by the NSF, ONR, ARO, NATO, and Consortium of Embedded System (CES). He was the recipient of the ONR Young Investigator Program (YIP) Award.
Publisher Copyright:
© 2022 Elsevier B.V.
PY - 2022/5/22
Y1 - 2022/5/22
AB - The growing number of IoT edge devices has inflicted a change in the cyber-attack space. DDoS attacks, in particular, have significantly increased in magnitude and intensity. Of the existing DDoS solutions, while the destination-based defense mechanisms incur high false positives due to the seemingly legitimate nature of the attack traffic, defense mechanisms implemented at the source alone do not suffice due to the lack of visibility into ongoing DDoS attacks. This paper proposes a distributed DDoS detection and mitigation framework, SmartDefense, based on edge computing approaches towards detecting and mitigating DDoS attacks at and near the source. By mitigating the DDoS attacks near the source, SmartDefense significantly reduces unnecessary bandwidth otherwise consumed by DDoS traffic going from residential edge networks to the ISP edge network. Furthermore, SmartDefense demonstrates how ISPs can detect botnet devices in their customers' networks by having smart edge devices pass attributes that are processed by the botnet detection engine at the provider's edge. The evaluation of this work shows that SmartDefense can improve the detection and mitigation rate, with over 90% of DDoS traffic caught at the source and over 97.5% of remaining DDoS traffic caught at the provider's edge. Our experiments also demonstrate how using a botnet detection engine can further reduce the DDoS traffic by up to 51.95% by enabling ISPs to detect bot devices in their customers' edge networks.
KW - Botnets
KW - Deep neural networks
KW - Distributed Denial of Service (DDoS)
KW - Edge computing
KW - Internet of Things (IoT)
UR - http://www.scopus.com/inward/record.url?scp=85127175832&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85127175832&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2022.108874
DO - 10.1016/j.comnet.2022.108874
M3 - Article
AN - SCOPUS:85127175832
SN - 1389-1286
VL - 209
JO - Computer Networks
JF - Computer Networks
M1 - 108874
ER -