A Low-Rate DoS Attack Mitigation Scheme Based on Port and Traffic State in SDN

Low-rate Denial of Service (DoS) attacks can significantly compromise network availability and are difficult to detect and mitigate due to their stealthy exploitation of flaws in congestion control mechanisms. Software-Defined Networking (SDN) is a revolutionary architecture that decouples network c...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on computers Vol. 74; no. 5; pp. 1758 - 1770
Main Authors Tang, Dan, Dai, Rui, Zuo, Chenguang, Chen, Jingwen, Li, Keqin, Qin, Zheng
Format Journal Article
LanguageEnglish
Published IEEE 01.05.2025
Subjects
Accuracy
Attack detection
attack mitigation
Computers
Electronic mail
Fractals
low-rate denial of service attacks
Monitoring
Prevention and mitigation
Software defined networking
Switches
Telecommunication traffic
Threat modeling
Online AccessGet full text

Cover

Abstract Low-rate Denial of Service (DoS) attacks can significantly compromise network availability and are difficult to detect and mitigate due to their stealthy exploitation of flaws in congestion control mechanisms. Software-Defined Networking (SDN) is a revolutionary architecture that decouples network control from packet forwarding, emerging as a promising solution for defending against low-rate DoS attacks. In this paper, we propose Trident, a low-rate DoS attack mitigation scheme based on port and traffic state in SDN. Specifically, we design a multi-step strategy to monitor switch states. First, Trident identifies switches suspected of suffering from low-rate DoS attacks through port state detection. Then, it monitors the traffic state of switches with abnormal port states. Once a switch is identified as suffering from an attack, Trident analyzes the flow information to pinpoint the malicious flow. Finally, Trident issues rules to the switch's flow table to block the malicious flow, effectively mitigating the attack. We prototype Trident on the Mininet platform and conduct experiments using a real-world topology to evaluate its performance. The experiments show that Trident can accurately and robustly detect low-rate DoS attacks, respond quickly to mitigate them, and maintain low overhead.
AbstractList Low-rate Denial of Service (DoS) attacks can significantly compromise network availability and are difficult to detect and mitigate due to their stealthy exploitation of flaws in congestion control mechanisms. Software-Defined Networking (SDN) is a revolutionary architecture that decouples network control from packet forwarding, emerging as a promising solution for defending against low-rate DoS attacks. In this paper, we propose Trident, a low-rate DoS attack mitigation scheme based on port and traffic state in SDN. Specifically, we design a multi-step strategy to monitor switch states. First, Trident identifies switches suspected of suffering from low-rate DoS attacks through port state detection. Then, it monitors the traffic state of switches with abnormal port states. Once a switch is identified as suffering from an attack, Trident analyzes the flow information to pinpoint the malicious flow. Finally, Trident issues rules to the switch's flow table to block the malicious flow, effectively mitigating the attack. We prototype Trident on the Mininet platform and conduct experiments using a real-world topology to evaluate its performance. The experiments show that Trident can accurately and robustly detect low-rate DoS attacks, respond quickly to mitigate them, and maintain low overhead.
Author Zuo, Chenguang
Li, Keqin
Dai, Rui
Tang, Dan
Chen, Jingwen
Qin, Zheng
Author_xml – sequence: 1
  givenname: Dan
  orcidid: 0000-0002-0062-0213
  surname: Tang
  fullname: Tang, Dan
  email: Dtang@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China
– sequence: 2
  givenname: Rui
  orcidid: 0000-0003-1974-4731
  surname: Dai
  fullname: Dai, Rui
  email: dairui@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China
– sequence: 3
  givenname: Chenguang
  orcidid: 0009-0005-6133-6733
  surname: Zuo
  fullname: Zuo, Chenguang
  email: chenguangzuo@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China
– sequence: 4
  givenname: Jingwen
  orcidid: 0000-0002-7275-9273
  surname: Chen
  fullname: Chen, Jingwen
  email: cjw1128@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China
– sequence: 5
  givenname: Keqin
  orcidid: 0000-0001-5224-4048
  surname: Li
  fullname: Li, Keqin
  email: lik@newpaltz.edu
  organization: Department of Computer Science, State University of New York, New Paltz, NY, USA
– sequence: 6
  givenname: Zheng
  orcidid: 0000-0003-0877-3887
  surname: Qin
  fullname: Qin, Zheng
  email: zqin@hnu.edu.cn
  organization: College of Computer Science and Electronic Engineering (CSEE), Hunan University (HNU), Changsha, China
BookMark eNpNkMtOwzAQRS1UJNrCmg0L_0DamTh-LUvKSyoFkbCOHMcGA01QYgnx96RqF6yuRrpndHVmZNJ2rSPkEmGBCHpZ5osUUr5gPEPM2AmZIucy0ZqLCZkCoEo0y-CMzIbhAwBECnpKtiu66X6SFxMdXXcFXcVo7Cd9DDG8mRi6lhb23e0cvTaDa-h4P3d9pKZtaNkb74OlRdzDYWyut-fk1JuvwV0cc05eb2_K_D7ZPN095KtNYjETMVHOWwYMrAeJXgqma83qDBWvhVQ8s40QjZBpaiVnjnFllRzneoFGOGNrNifLw1_bd8PQO19992Fn-t8KodrrqMq82uuojjpG4upABOfcv7ZSqWbI_gDtV1qw
CODEN ITCOB4
Cites_doi 10.1109/TDSC.2021.3131531
10.1109/JAS.2024.124983
10.1109/SURV.2014.012214.00180
10.1145/2939672.2939785
10.1007/978-981-15-9031-3_8
10.1016/j.comnet.2018.02.029
10.1109/JAS.2022.105860
10.1109/TNSM.2024.3363490
10.1109/TIFS.2021.3117066
10.1016/j.cosrev.2024.100644
10.1109/JSAC.2011.111002
10.1016/j.cose.2023.103661
10.1016/j.cose.2024.103716
10.1109/LCOMM.2006.1633341
10.1109/TNET.2022.3195871
10.1109/TSC.2024.3489437
10.1109/TNET.2022.3169136
10.1109/TSC.2023.3266757
10.1145/2602204.2602219
10.1145/3556973
10.1145/3704434
10.1145/3359989.3365408
10.1109/SP54263.2024.00016
10.1109/TDSC.2015.2443807
10.1109/SP54263.2024.00267
10.1109/JSAC.2021.3126053
10.1109/TDSC.2023.3349180
10.1016/j.comnet.2019.01.031
10.1109/TIFS.2019.2932228
10.1109/tdsc.2024.3522104
10.1016/j.comnet.2012.07.003
10.1109/TETCI.2022.3170515
10.1016/j.eswa.2024.124356
10.1109/TSC.2021.3102046
10.1016/j.comcom.2023.12.041
ContentType Journal Article
DBID 97E
RIA
RIE
AAYXX
CITATION
DOI 10.1109/TC.2025.3541143
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
DatabaseTitle CrossRef
DatabaseTitleList
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
Computer Science
EISSN 1557-9956
EndPage 1770
ExternalDocumentID 10_1109_TC_2025_3541143
10882931
Genre orig-research
GrantInformation_xml – fundername: Natural Science Foundation General Project of Chongqing
  grantid: CSTB2022NSCQ-MSX1378
– fundername: National Natural Science Foundation of China
  grantid: 62472153
  funderid: 10.13039/501100001809
– fundername: YueLuShan Center Industrial Innovation Project
  grantid: 2023YCII0115
GroupedDBID --Z
-DZ
-~X
.55
.DC
0R~
29I
3EH
3O-
4.4
5GY
5VS
6IK
85S
97E
AAJGR
AARMG
AASAJ
AAWTH
ABAZT
ABFSI
ABQJQ
ABVLG
ACGFO
ACIWK
ACNCT
AENEX
AETEA
AETIX
AGQYO
AGSQL
AHBIQ
AI.
AIBXA
AKJIK
AKQYR
ALLEH
ALMA_UNASSIGNED_HOLDINGS
ASUFR
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
CS3
DU5
E.L
EBS
EJD
HZ~
H~9
IAAWW
IBMZZ
ICLAB
IEDLZ
IFIPE
IFJZH
IPLJI
JAVBF
LAI
M43
MS~
MVM
O9-
OCL
P2P
PQQKQ
RIA
RIE
RNI
RNS
RXW
RZB
TAE
TN5
TWZ
UHB
UKR
UPT
VH1
X7M
XJT
XOL
XZL
YXB
YYQ
YZZ
ZCG
AAYOK
AAYXX
CITATION
RIG
ID FETCH-LOGICAL-c146t-8efc3030cf071f7639b93b4185b67854cd66d6722c753e358c87209f61a6eacb3
IEDL.DBID RIE
ISSN 0018-9340
IngestDate Sun Jul 06 05:02:41 EDT 2025
Wed Aug 27 02:04:40 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 5
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c146t-8efc3030cf071f7639b93b4185b67854cd66d6722c753e358c87209f61a6eacb3
ORCID 0000-0002-7275-9273
0000-0001-5224-4048
0000-0003-0877-3887
0000-0003-1974-4731
0009-0005-6133-6733
0000-0002-0062-0213
PageCount 13
ParticipantIDs ieee_primary_10882931
crossref_primary_10_1109_TC_2025_3541143
PublicationCentury 2000
PublicationDate 2025-May
2025-5-00
PublicationDateYYYYMMDD 2025-05-01
PublicationDate_xml – month: 05
  year: 2025
  text: 2025-May
PublicationDecade 2020
PublicationTitle IEEE transactions on computers
PublicationTitleAbbrev TC
PublicationYear 2025
Publisher IEEE
Publisher_xml – name: IEEE
References ref13
ref35
ref12
ref34
ref15
ref14
ref31
ref30
ref11
ref33
ref10
ref32
ref2
ref1
ref17
ref16
ref19
ref18
ref24
ref23
ref26
ref25
ref20
ref22
ref21
ref28
ref27
ref29
ref8
ref7
ref9
ref4
ref3
ref6
ref5
References_xml – ident: ref27
  doi: 10.1109/TDSC.2021.3131531
– ident: ref1
  doi: 10.1109/JAS.2024.124983
– ident: ref13
  doi: 10.1109/SURV.2014.012214.00180
– ident: ref26
  doi: 10.1145/2939672.2939785
– ident: ref28
  doi: 10.1007/978-981-15-9031-3_8
– ident: ref24
  doi: 10.1016/j.comnet.2018.02.029
– ident: ref2
  doi: 10.1109/JAS.2022.105860
– ident: ref19
  doi: 10.1109/TNSM.2024.3363490
– ident: ref6
  doi: 10.1109/TIFS.2021.3117066
– ident: ref11
  doi: 10.1016/j.cosrev.2024.100644
– ident: ref34
  doi: 10.1109/JSAC.2011.111002
– ident: ref10
  doi: 10.1016/j.cose.2023.103661
– ident: ref16
  doi: 10.1016/j.cose.2024.103716
– ident: ref31
  doi: 10.1109/LCOMM.2006.1633341
– ident: ref30
  doi: 10.1109/TNET.2022.3195871
– ident: ref32
  doi: 10.1109/TSC.2024.3489437
– ident: ref7
  doi: 10.1109/TNET.2022.3169136
– ident: ref23
  doi: 10.1109/TSC.2023.3266757
– ident: ref14
  doi: 10.1145/2602204.2602219
– ident: ref15
  doi: 10.1145/3556973
– ident: ref12
  doi: 10.1145/3704434
– ident: ref21
  doi: 10.1145/3359989.3365408
– ident: ref3
  doi: 10.1109/SP54263.2024.00016
– ident: ref25
  doi: 10.1109/TDSC.2015.2443807
– ident: ref4
  doi: 10.1109/SP54263.2024.00267
– ident: ref18
  doi: 10.1109/JSAC.2021.3126053
– ident: ref5
  doi: 10.1109/TDSC.2023.3349180
– ident: ref22
  doi: 10.1016/j.comnet.2019.01.031
– ident: ref33
  doi: 10.1109/TIFS.2019.2932228
– ident: ref35
  doi: 10.1109/tdsc.2024.3522104
– ident: ref20
  doi: 10.1016/j.comnet.2012.07.003
– ident: ref8
  doi: 10.1109/TETCI.2022.3170515
– ident: ref9
  doi: 10.1016/j.eswa.2024.124356
– ident: ref29
  doi: 10.1109/TSC.2021.3102046
– ident: ref17
  doi: 10.1016/j.comcom.2023.12.041
SSID ssj0006209
Score 2.4936614
Snippet Low-rate Denial of Service (DoS) attacks can significantly compromise network availability and are difficult to detect and mitigate due to their stealthy...
SourceID crossref
ieee
SourceType Index Database
Publisher
StartPage 1758
SubjectTerms Accuracy
Attack detection
attack mitigation
Computers
Electronic mail
Fractals
low-rate denial of service attacks
Monitoring
Prevention and mitigation
Software defined networking
Switches
Telecommunication traffic
Threat modeling
Title A Low-Rate DoS Attack Mitigation Scheme Based on Port and Traffic State in SDN
URI https://ieeexplore.ieee.org/document/10882931
Volume 74
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8NAEF60Jz1YrRXriz148JKYx24ex9paitgctIXewj6xiIlIiuCvd3aTSBAEb0nYhWV25_FlZ75B6FqkVEtNYgA5OnIIo9JJY0GckARMMap9T5kC50UWzVfkYU3XTbG6rYVRStnkM-WaR3uXL0uxNb_KQMMhHkxN1fQuILe6WOvH7EZtPocPGhwSr-Hx8b30djkBIBhQN6TEt_U5HRfU6aliXcqsj7J2MXUmyau7rbgrvn7xNP57tYfooAku8bg-DUdoRxUD1G8bN-BGjwdov8NCeIyyMX4sP50niDrxtHzG46pi4hUvNjX9RlnAxBf1pvAdeDyJ4d2kn2JWSAyezlBQYBuy4g2MnGZDtJrdLydzp2mz4Agwk5WTKC3AkXlCQ7ihwd6kPA25IbXh4MkoETKKZBQHgQBoo0KaiCQGWevIZxGYbR6eoF5RFuoU4TjhJCA6lgbocJYy7QsmRCwSQlWi-AjdtJLP32s2jdyiEC_Nl5PcbFLebNIIDY1IO8NqaZ798f0c7ZnpdS7iBepVH1t1CfFCxa_sOfkGn7W6QA
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELZQGYCBQimiPD0wsCTkYecxlpaqQJsBUqlbZDu2qCoShFIh8es554EiJCS2JHIi6-y77865-w6haxFSlSriQ5CjPIMwmhqhL4jhEodJRpVtSV3gPI-86YI8LumyLlYva2GklGXymTT1ZfkvP83FRh-VgYaDPxjqqultAH7qVOVaP4bXazI6bNBhl1g1k49thbfxCEJBh5ouJXZZodMCoVZXlRJUJl0UNdOpcknW5qbgpvj6xdT47_keoP3avcTDaj8coi2Z9VC3ad2Aa03uob0WD-ERioZ4ln8az-B34nH-godFwcQaz1cVAUeewYuv8k3iO8C8FMO9TkDFLEsxYJ0mocCl04pXMHIc9dFich-PpkbdaMEQYCgLI5BKAJRZQoHDocDihDx0uaa14YBllIjU81LPdxwBwY10aSACH2StPJt5YLi5e4w6WZ7JE4T9gBOHKD_VoQ5nIVO2YEL4IiBUBpIP0E0j-eS94tNIyjjECpN4lOhFSupFGqC-FmlrWCXN0z-eX6GdaTyfJbOH6OkM7epPVZmJ56hTfGzkBXgPBb8s98w3jOK9ig
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=A+Low-Rate+DoS+Attack+Mitigation+Scheme+Based+on+Port+and+Traffic+State+in+SDN&rft.jtitle=IEEE+transactions+on+computers&rft.au=Tang%2C+Dan&rft.au=Dai%2C+Rui&rft.au=Zuo%2C+Chenguang&rft.au=Chen%2C+Jingwen&rft.date=2025-05-01&rft.pub=IEEE&rft.issn=0018-9340&rft.volume=74&rft.issue=5&rft.spage=1758&rft.epage=1770&rft_id=info:doi/10.1109%2FTC.2025.3541143&rft.externalDocID=10882931
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0018-9340&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0018-9340&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0018-9340&client=summon