RADD: A Real-time and Accurate Method for DDoS Detection Based on In-Network Computing

Distributed Denial-of-Service (DDoS) attacks pose formidable threats to the security and availability of critical Internet infrastructure. In-network computing technology brings new opportunities to address DDoS attacks due to its intrinsic data plane programmability and high performance. However, existing DDoS attacks detection schemes based on in-network computing are difficult to strike a balance between true positive rate and false positive rate, especially in low-rate DDoS attacks scenarios. In response to this challenge, we propose RADD, an entropy-based method to detect DDoS attacks in real time based on in-network computing. RADD measures the distribution of network traffic from the perspective of individual IP address to discern subtle fluctuations within network traffic, hence providing early indications of potential DDoS attacks. We implement a prototype of RADD over programmable switches and results show that our proposed method significantly outperforms the state-of-the-art or has equivalent accuracy in low-rate and high-rate DDoS attacks scenarios.