Mitigating Slow Hypertext Transfer Protocol Distributed Denial of Service Attacks in Software Defined Networks

Abstract

Distributed Denial of Service (DDoS) attacks have become one of the persistent forms of attacks on information technology infrastructure connected to public networks due to the ease of access to DDoS attack tools. Researchers have been able to develop several techniques to curb volumetric DDoS, which overwhelm the target with a large number of request packets. However, a limited number of research has been executed on mitigating slow DDoS. Attackers have resorted to slow DDoS because it mimics the behaviour of a slow legitimate client, thereby causing service unavailability. This paper provides the scholarly community with an approach to boost service availability in web servers under slow hypertext transfer protocol (HTTP) DDoS attacks through attack detection. Genetic Algorithm and Support Vector Machine (SVM) were selected to facilitate attack mitigation in a software-defined networking environment simulated in GNS3. Genetic Algorithm was used to select the NetFlow features, which indicated the presence of an attack and also determined the appropriate regularisation parameter, C, and gamma parameter for the SVM classifier. The results obtained showed that the classifier had detection accuracy, area under the receiver operating curve, true-positive rate, false-positive rate, and false-negative rate of 99.89 percent, 99.89 percent, 99.95 percent, 0.18 percent, and 0.05 percent respectively. Furthermore, the algorithm for subsequent implementations of the selective adaptive bubble burst mitigation mechanism was presented. This study contributes towards the ongoing research in detecting and mitigating slow HTTP DDoS attacks with emphasis on the use of machine learning classification and meta-heuristic algorithms.