Detection and Mitigation of DDoS/Dos Security threats in an NFV Architecture

Abstract

ABSTRACT: DDoS/DoS attacks are one of the most used attacks by cybercriminals. Due to their huge impact in traditional or novel network architectures, these kinds of attacks can make that the biggest websites fail. The novel Network Functions Virtualizations (NFV) architecture can also be affected by the external attacks, and the DDoS/DoS also affect the NFV layers, being the Net- work Functions Virtualization Infrastructure (NFVI) the most critical layer as it hosts the major part of the attack that also affect the other layers. This fact makes the NFV architecture an interesting target for the attackers. There are many different kinds of traditional techniques used for DDoS/DoS attack detection, some of them include Artificial Intelligence, Intrusion Detection Systems (IDSs), Deep packet inspection (DPI). Most of them are well known and have remained unchanged during the last few years. In this work, we implement a novel technique called Gaussian Mixture Model (GMM), normally used in other scientific or engineer- ing areas, to detect DDoS/DoS cyberattacks in a real NFV environment. Moreover, this work developed a mitigation strategy to avoid the negative impact caused by DDoS/DoS attacks, inside the Software Defined Networking (SDN)-NFV environment. Finally, this work presents an additional strategy as a complement to the aforemen- tioned mitigation strategy to cover all aspects that can affect Web service availability. This strategy looks for the implementation of a load balancer to distribute the network traffic through a pool of servers to avoid the situation in which thousands or millions of users sent requests to the Web service and provoking, denial of service with legiti- mate traffic. As a results, this work proves that the novel Machine Learning (ML) technique (GMM) implemented to prevent the attack was very powerful blocking around 1.3 million of DDoS/DoS packets (this amount of traffic represents around 90% of the incoming traffic in this test) sent by the attacker, allowing the Web server to continue to provide the service without any interruption. Also, the load balancing strategy was able to cover and manage situations with a huge volume of traffic requests sent to a Web server and proving that it is capable to preserve the service availability and the benefit of using it was over 36% much efficient in contrast to not using it. This work performs the implementation of the previously mentioned strategies and shows their benefits in a real NFV environment where the system was able to mitigate the DDoS/DoS attacks and avoid the negative impact caused by thousands of users, guaranteeing the service availability exposed in the NFV environment.