Simulation for L3 Volumetric Attack Detection
Oliver Rutishauser

TL;DR
This paper presents a simulation-based approach using machine learning to detect volumetric network attacks by analyzing traffic statistics within a controlled environment.
Contribution
It introduces a prototype module integrated into the Floodlight controller that employs streaming analytics for volumetric attack detection in a simulated network.
Findings
Prototype effectively detects volumetric attacks in simulation
Machine learning methods improve detection accuracy
System operates in real-time within the simulation environment
Abstract
The detection of a volumetric attack involves collecting statistics on the network traffic, and identifying suspicious activities. We assume that available statistical information includes the number of packets and the number of bytes passed per flow. We apply methods of machine learning to detect malicious traffic. A prototype project is implemented as a module for the Floodlight controller. The prototype was tested on the Mininet simulation platform. The simulated topology includes a number of edge switches, a connected graph of core switches, and a number of server and user hosts. The server hosts run simple web servers. The user hosts simulate web clients. The controller employs Dijkstra's algorithm to find the best flow in the graph. The controller periodically polls the edge switches and provides current and historical statistics on each active flow. The streaming analytics…
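An added example, not code from the paper or its Floodlight module: one way to turn periodically polled cumulative per-flow byte counters into a streaming per-destination volume alarm. The EWMA baseline stands in for the paper's unspecified machine-learning method, and all names, thresholds and sample counters are assumptions constructed for illustration.

```python
from collections import defaultdict

class VolumetricDetector:
    """Flags destinations whose per-interval byte volume jumps above an EWMA baseline."""
    def __init__(self, alpha=0.3, k=4.0, warmup=3, rel_floor=0.1):
        self.alpha, self.k, self.warmup, self.rel_floor = alpha, k, warmup, rel_floor
        self.last = {}   # (src, dst) -> cumulative byte counter at the previous poll
        self.base = {}   # dst -> (mean, mean absolute deviation, intervals seen)

    def poll(self, stats):
        """stats maps (src, dst) to a cumulative byte counter; returns flagged dsts."""
        volume = defaultdict(int)
        for flow, total in stats.items():
            prev = self.last.get(flow, 0)
            # A counter below its previous value means the flow entry was
            # reinstalled, so the whole count is traffic from this interval.
            volume[flow[1]] += total - prev if total >= prev else total
        self.last = dict(stats)  # flows absent from this poll have expired
        alerts = set()
        for dst, vol in volume.items():
            mean, dev, seen = self.base.get(dst, (vol, 0.0, 0))
            limit = mean + self.k * max(dev, self.rel_floor * mean)
            if seen >= self.warmup and vol > limit:
                alerts.add(dst)  # keep attack intervals out of the baseline
                continue
            a = self.alpha
            self.base[dst] = ((1 - a) * mean + a * vol,
                              (1 - a) * dev + a * abs(vol - mean), seen + 1)
        return alerts

def constructed_polls():
    """Constructed sample: two clients, a counter reset at poll 4, a flood at poll 5."""
    h1 = [50_000, 100_000, 151_000, 48_000, 98_000, 148_000]
    h2 = [40_000, 82_000, 121_000, 163_000, 203_000, 245_000]
    polls = [{("h1", "s1"): a, ("h2", "s1"): b} for a, b in zip(h1, h2)]
    polls[4].update({(f"bot{i}", "s1"): 200_000 for i in range(20)})
    return polls

def run_demo():
    det = VolumetricDetector()
    return [sorted(det.poll(p)) for p in constructed_polls()]

if __name__ == "__main__":
    for n, alerts in enumerate(run_demo(), 1):
        print(f"poll {n}: {alerts or 'ok'}")
```

The counter reset at poll 4 is absorbed as normal traffic, and because the flagged interval is excluded from the baseline, the return to normal volume at poll 6 is not compared against an inflated mean.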
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Data Stream Mining Techniques
