Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches

—Distributed Denial-of-Service (DDoS) attacks have become a critical threat to the Internet. Due to the increasing number of vulnerable Internet of Things (IoT) devices, attackers can easily compromise a large set of nodes and launch high-volume DDoS attacks from the botnets. State-of-the-art DDoS defenses, however, have not caught up with the fast develop-ment of the attacks. Middlebox-based defenses can achieve high performance with specialized hardware; however, these defenses incur a high cost, and deploying new defenses typically requires a device upgrade. On the other hand, software-based defenses are highly flexible, but software-based packet processing leads to high performance overheads. In this paper, we propose P OSEIDON , a system that addresses these limitations in today’s DDoS defenses. It leverages emerging programmable switches, which can be reconfigured in the field without additional hardware upgrade. Users of P OSEIDON can specify their defense strategies in a modular fashion in the form of a set of defense primitives; this can be further customized easily for each network and extended to include new defenses. P OSEIDON then maps the defense primitives to run on programmable switches—and when necessary, on server software—for effective defense. When attacks change, P OSEIDON can reconfigure the underlying defense primitives to respond to the new attack patterns. Evaluations using our prototype demonstrate that P OSEIDON can effectively defend against high-volume attacks, easily support customization of defense strategies, and adapt to dynamic attacks with low