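Denial-of-service attack
Computer science
Application-layer DDoS attack
Computer security
Trinoo
Cyber-physical system
Cloud computing
Software-defined networking
Anomaly detection
Software
OpenFlow
Internet
Computer network
Artificial intelligence
World Wide Web
Programming language
Operating system
Authors
Tianyang Cai, Tao Jia, Sridhar Adepu, Yuqi Li, Zheng Yang
Source
Journal: IEEE Transactions on Industrial Informatics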
[Institute of Electrical and Electronics Engineers]
Date: 2023-06-01
Volume (issue): 19 (6): 7802-7813
Citations: 5
Identifier
DOI: 10.1109/tii.2023.3240586
Abstract
With the widespread innovation of the Internet of Things, software-defined networking (SDN), and cloud computing, cyber-physical systems (CPSs) have been developed and widely adopted to facilitate our daily life and economy. In particular, modern society heavily relies on all kinds of CPSs, such as smart grids, and transportation systems. So the shutdown of critical services can lead to serious consequences. Meanwhile, distributed denial-of-service (DDoS) attacks are becoming a major threat to the CPSs due to their ease of execution and the devastation they cause. In addition, owing to the constant updating of attack methods, there is an urgent need for a method to defend against both the known and unknown DDoS attacks. In this article, we present an adaptive DDoS attack mitigation (ADAM) scheme to detect and mitigate DDoS attacks in software-defined CPSs. By combining information entropy and unsupervised anomaly detection methods, ADAM can not only automatically determine the current state, but also adaptively identify suspicious features and thereafter precisely mitigate DDoS attacks. We also propose a pipeline filtering mechanism to accurately drop attack traffic, and this method can be implemented in the existing SDN networks without additional devices required. Unlike most of the classification-based DDoS mitigation scenarios, we aim to mitigate a wide spectrum of DDoS attacks without defining attack characteristics in advance. Real data-driven experimental results show that ADAM has an average mitigation accuracy of 99.13% under high-intensity DDoS attacks. Compared to similar work, our method reduces the false-positive rate by 35%-59%.