Common use of Problem and challenges Clause in Contracts

Problem and challenges. Many research efforts have been devoted to tackling DDoS attacks by leveraging ML and/or SDN. ▇▇▇▇▇ et al. [44] proposed an intelligent method for detecting network-layer DDoS attacks in an SDN environment. The proposed method uses a Self-Organizing Maps (SOM) [45] model, an unsupervised artificial neural network, trained on traffic flow features. The contribution in [46] relies on Deep Neural Network (DNN) models to detect intrusions in an SDN network. The authors in [47] devised an ML-based collaborative DDoS mitigation strategy in a multi-SDN controller environment. The detection is performed using a Naive Bayes classifier based on flow features extracted by the SDN controller. Upon detection of malicious behaviour, the SDN controller in the attacker’s network is automatically notified to create a deny IP based flow. Similar to [40], the work in [42], [43] considers only network-layer attacks. Moreover, the proposed models are trained on NSL-KDD, a relatively old dataset that cannot reflect the current trend in network attacks. Hong et al. [48] devised an SDN-assisted defence method to detect and mitigate slow HTTP DDoS attacks. The defence solution is deployed as an SDN application and triggered by the web server when the number of open connections that sent incomplete HTTP requests exceeds a given threshold. The major weakness of threshold-based schemes is their lack of accuracy. In fact, threshold-based schemes are unsuitable for detecting application-layer DDoS attacks due to the resemblance between the traffic patterns generated by those attacks and benign activities. The authors in [49] demonstrated the potential of ML techniques in detecting low-rate application-layer DDoS using the characteristics of malicious TCP flows. A detection accuracy of over 97% has been achieved using K-Nearest Neighbour, Decision Trees and DNN techniques.
Some solutions related to the detection of DDoS attacks over 5G multi-tenant networks have been presented in recent years. For instance, Mamolar et al. [50] proposed an extension of the well-known Intrusion Detection System (IDS) Snort, capable of detecting DDoS attacks in real time, to support 5G multi-tenant traffic, so it can be deployed in a multi-tenant 5G environment. However, they do not leverage any AI technique, so we consider this approach too static and inappropriate for such dynamic network environments as those found in 5G. Furthermore, very few contributions have focused on addressing the issue in 5G network slicing environments, leveraging mainly the resource isolation concept (e.g., [51]). However, the new shift towards cloud-native architecture, where virtual network functions are deployed as containers, makes complete isolation hard to achieve. In addition, detecting DDoS attacks by only analysing the network traffic may not always be possible, especially with the emergence of stealthy application-layer DDoS attacks which aim at exhausting the server’s resources while generating traffic that mimics the legitimate one. Thus, using new sources of information, such as resource usage and/or performance of the service under attack, is vital to discriminate malicious behaviour due to a DDoS attack.

Appears in 1 contract

Sources: Grant Agreement
