Simulation for L3 Volumetric Attack Detection.
The detection of a volumetric attack involves collecting statistics on the network traffic, and identifying suspicious activities. We assume that available statistical information includes the number of packets and the number of bytes passed per flow. We apply methods of machine learning to detect malicious traffic. A prototype project is implemented as a module for the Floodlight controller. The prototype was tested on the Mininet simulation platform. The simulated topology includes a number of edge switches, a connected graph of core switches, and a number of server and user hosts. The server hosts run simple web servers. The user hosts simulate web clients. The controller employs Dijkstra's algorithm to find the best flow in the graph. The controller periodically polls the edge switches and provides current and historical statistics on each active flow. The streaming analytics evaluates the traffic volume and detects volumetric attacks.
Publisher URL: http://arxiv.org/abs/1801.08938