The growing number of IoT edge devices have inflicted a change in the cyber-attack space. The DDoS attacks, in particular, have significantly increased in magnitude and intensity. Of the existing DDoS solutions, while the destination-based defense mechanisms incur high false positives due to the seemingly legitimate nature of the attack traffic, defense mechanisms implemented at the source alone do not suffice due to the lack of visibility into ongoing DDoS attacks. This paper proposes a distributed DDoS detection and mitigation framework, SmartDefense, based on edge computing approaches towards detecting and mitigating DDoS attacks at and near the source. By mitigating the DDoS attacks near the source, SmartDefense significantly reduces unnecessary bandwidth otherwise consumed by DDoS traffic going from residential edge networks to the ISP edge network. Furthermore, SmartDefense demonstrates how ISPs can detect botnet devices in their customer's network by having smart edge devices pass attributes that are processed by the botnet detection engine at the provider's edge. The evaluation of this work shows that SmartDefense can improve the detection and mitigation rate, with over 90% of DDoS traffic caught at the source and over 97.5% of remaining DDoS traffic caught at the provider's edge. Our experiments also demonstrate how using a botnet detection engine can further reduce the DDoS traffic by up to 51.95% by facilitating ISPs to detect bot devices in their customers’ edge network.
- Deep neural networks
- Distributed Denial of Service (DDoS)
- Edge computing
- Internet of Things (IoT)
ASJC Scopus subject areas
- Computer Networks and Communications