Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking
9th Symposium on Software Performance 2018 (SSP'18), Hildesheim, Germany, (October 2018)Abstract
DDoS attacks are becoming increasingly frequent and violent. A typical type of attack is the TCP SYN flood, inhibiting a server from opening new TCP connections. Current countermeasures to this attack introduce inefficiencies by either reducing computing resources on the service host or creating new network bottlenecks. In this work, we present a novel approach to mitigate TCP SYN flood attacks using software-defined networking. We perform an initial evaluation of a proof-of-concept implementation that exhibits performance measures close to existing countermeasures while circumventing their inefficiencies.