Open Access iconOpen Access



Adaptive Polling Rate for SNMP for Detecting Elusive DDOS

Yichiet Aun*, Yen-Min Jasmina Khaw, Ming-Lee Gan, Vasaki Ponnusamy

Faculty of Information Communication and Technology, Kampar, 31900, Malaysia

* Corresponding Authors: Yichiet Aun. Email: aunyc@email

Journal of Cyber Security 2022, 4(1), 17-28.


Resilient network infrastructure is pivotal for business entities that are growing reliance on the Internet. Distributed Denial-of-Service (DDOS) is a common network threat that collectively overwhelms and exhausts network resources using coordinated botnets to interrupt access to network services, devices, and resources. IDS is typically deployed to detect DDOS based on Snort rules. Although being fairly accurate, IDS operates on a compute-intensive packet inspection technique and lacks rapid DDOS detection. Meanwhile, SNMP is a comparably lightweight countermeasure for fast detection. However, this SNMP trigger is often circumvented if the DDOS burst rate is coordinated to flood the network smaller than the SNMP polling rate. Besides, SNMP does not scale well if the poll rate is set extremely fine for improved detection accuracy. In this paper, a lightweight 3D SNMP scaling method is proposed to optimize the SNMP poll rate for DDOS mitigation automatically. The 3D-SNMP uses horizontal scaling to dynamically adjust the optimal poll rate through random packet inspection that is selective. Suppose a sign of DDOS is detected, 3D-SNMP scales down the poll rate for finer detection. As DDOS subsides, 3D-SNMP scales the poll rate up for faster DDOS detection. The equilibrium between scalability and accuracy is determined on the fly depending on the types of DDOS variants. 3D-SNMP also adds a vertical scaling to detect non-salient DDOS that falls below the detection threshold. The experimental results showed that 3D-SNMP achieved DDOS detection of 92% while remaining scalable to different DDOS variants and volumes.


Cite This Article

Y. Aun, Y. Jasmina Khaw, M. Gan and V. Ponnusamy, "Adaptive polling rate for snmp for detecting elusive ddos," Journal of Cyber Security, vol. 4, no.1, pp. 17–28, 2022.

cc This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 1298


  • 854


  • 0


Share Link