English

Simulation for L3 Volumetric Attack Detection

Networking and Internet Architecture 2018-01-29 v1

Abstract

The detection of a volumetric attack involves collecting statistics on the network traffic, and identifying suspicious activities. We assume that available statistical information includes the number of packets and the number of bytes passed per flow. We apply methods of machine learning to detect malicious traffic. A prototype project is implemented as a module for the Floodlight controller. The prototype was tested on the Mininet simulation platform. The simulated topology includes a number of edge switches, a connected graph of core switches, and a number of server and user hosts. The server hosts run simple web servers. The user hosts simulate web clients. The controller employs Dijkstra's algorithm to find the best flow in the graph. The controller periodically polls the edge switches and provides current and historical statistics on each active flow. The streaming analytics evaluates the traffic volume and detects volumetric attacks.

Keywords

Cite

@article{arxiv.1801.08938,
  title  = {Simulation for L3 Volumetric Attack Detection},
  author = {Oliver Rutishauser},
  journal= {arXiv preprint arXiv:1801.08938},
  year   = {2018}
}

Comments

8 pages with figures, code, and conclusions

R2 v1 2026-06-22T23:58:41.164Z