Advances, Systems and Applications
From: OpenStackDP: a scalable network security framework for SDN-based OpenStack cloud infrastructure
Attack Type | Attack Identification | Field of Interest | Detection Method | Mitigation Method |
---|---|---|---|---|
Scanning | Increase in Attacker, Host A, ratio to target addresses | IP Address Port | Level 1 (data-plane) Level 2 (NFV) | Block/Drop |
DoS | Volume of traffic flows from/to a single IP exceeds a threshold | IP Address TTL | Level 1 (data-plane) Level 2 (NFV) | Block/Drop |
DDoS | volume of traffic from multiple IPs targeting exceeds a threshold | IP Address TTL | Level 1 (data-plane) Level 2 (NFV) Level3-(control-plane) | Block/Drop |
Slow Rate | opens a great number of half-open connections and initiates request with no replies | IP Address Port | Level 1 (data-plane) Level 2 (NFV) Level3-(control-plane) | Block/Drop |
App layer | correlation/asymmetric volume between Request/Response | Port Protocol | Level3-(control-plane) Level 4- (application) | Block/Drop/Remediate |