In-Network SYN Flooding DDoS Attack Detection Utilizing P4 Switches

Abstract

With the rapid development of Internet applications, the demand for reliable online services similarly increases. However, Distributed Denial-of-Service (DDoS) attacks disrupt the accessibility and the availability of online services. Therefore, DDoS detection and mitigation are crucial tasks to achieve high service availability. In this paper, we propose a novel in-network detection scheme for SYN flooding, the most prevalent type of DDoS attacks. By relocating the attack detection from a centralized controller to programmable P4 switches, the detection time is reduced, and the workload is distributed in the network. Extending passive classification methods, we propose an active detection mechanism, identifying SYN flooding DDoS attacks by selective packet dropping. By this, we expect more accurate detections compared to the state-of-the-art under congested network conditions.