RAG and LLMs for Carpet-Bombing DDoS Detection in SDN
A new framework uses Retrieval-Augmented Generation (RAG) and Large Language Models (LLMs) to detect and mitigate Carpet-Bombing DDoS attacks in Software-Defined Networking (SDN) environments. The approach combines interface-level traffic features, semantic embeddings, FAISS-based similarity retrieval, and LLM-driven inference to classify traffic without supervised training. Experiments were conducted under multiple Carpet-Bombing scenarios to evaluate effectiveness.
Key facts
- The framework targets Carpet-Bombing DDoS attacks in SDN.
- It uses RAG and LLMs for real-time detection and mitigation.
- No conventional supervised model training or retraining is required.
- The system combines interface-level traffic features, semantic embeddings, FAISS retrieval, and LLM inference.
- Experiments were conducted under multiple Carpet-Bombing scenarios.
- The paper is available on arXiv with ID 2605.26307.
- SDN's centralized control is vulnerable to DDoS attacks.
- Carpet-Bombing attacks distribute traffic across multiple targets to evade detection.
Entities
Institutions
- arXiv