Detecting DDoS attacks within milliseconds by using FPGA-based hardware acceleration

Timely detection and mitigation of Distributed Denial of Service (DDoS) attacks are still challenging for current datacenter and Internet packet exchange operators. Detecting volumetric attacks are in the range of seconds, whereas their mitigation is often in the range of minutes. Besides the fact that the attacks are effective until their mitigation is successful, there are further attacks that remain unnoticed by current equipment. These are hit-and-run attacks that last for a fraction of a second or a few seconds only, pushing the network or the targeted service towards an unstable state and evaporate. This paper presents an FPGA-based DDoS detector and its application. The detector is capable of detecting the top-9 DDoS attack types, the 96.67% of all DDoS attacks, and the so called hit-and-run attacks within milliseconds. The concept is validated through real-life use cases on attacks of a medium-sized datacenter network.