Open Access Journal Article

A New Framework for DDoS Attack Detection and Defense in SDN Environment

TLDR
A new framework of cooperative detection methods of the control plane and data plane is proposed, which effectively improves detection accuracy and efficiency and prevents DDoS attacks on SDN.
Abstract
While the software-defined network (SDN) brings more innovation to the development of future networks, it also faces a more severe threat from DDoS attacks. To deal with the single point of failure at the SDN controller caused by DDoS attacks, we propose a framework for detection of and defense against DDoS attacks in the SDN environment. First, we deploy a trigger mechanism for DDoS attack detection on the data plane to screen for abnormal flows in the network. Then, we use a combined machine learning algorithm based on K-Means and KNN to exploit the rate characteristics and asymmetry characteristics of the flows and to detect the suspicious flows determined by the detection trigger mechanism. Finally, the controller takes corresponding actions to defend against the attacks. In this paper, we propose a new framework of cooperative detection methods of the control plane and data plane, which effectively improves detection accuracy and efficiency and prevents DDoS attacks on SDN.

Citations

SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane

TL;DR: SDNShield as mentioned in this paper deploys specialized software boxes to improve the scalability of ingress SDN switches to accommodate control plane workload surges, and further incorporates a two-stage filtering scheme to protect the centralized controller.
Journal Article

Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking

TL;DR: To classify the SDN traffic as normal or attack traffic using machine learning algorithms equipped with Neighbourhood Component Analysis (NCA), a public “DDoS attack SDN Dataset” including a total of 23 features is handled.
Journal Article

Towards DDoS detection mechanisms in Software-Defined Networking

TL;DR: A comprehensive review of the DDoS detection mechanisms utilized in Software-Defined Networking is presented, drawing the conclusion that machine learning-based and threshold-based DDoS detection mechanisms are the two most popular technologies utilized to detect DDoS attacks in SDN.
Journal Article

An Efficient IDS Framework for DDoS Attacks in SDN Environment

TL;DR: In this paper, the authors proposed a novel framework to address the performance issues of IDS and the design issues of SDN about DDoS attacks by incorporating intelligence in the data layer using Data Plane Development Kit (DPDK) in the SDN architecture.
Journal Article

Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

TL;DR: In this article, the authors investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks.
References
Journal Article

OpenFlow: enabling innovation in campus networks

TL;DR: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day, based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries.
Journal Article

P4: programming protocol-independent packet processors

TL;DR: This paper proposes P4 as a strawman proposal for how OpenFlow should evolve in the future, and describes how to use P4 to configure a switch to add a new hierarchical label.
Proceedings Article

HyperFlow: a distributed control plane for OpenFlow

TL;DR: HyperFlow is logically centralized but physically distributed: it provides scalability while keeping the benefits of network control centralization, and enables interconnecting independently managed OpenFlow networks, an essential feature missing in current OpenFlow deployments.
Proceedings Article

Kandoo: a framework for efficient and scalable offloading of control applications

TL;DR: Kandoo is proposed, a framework for preserving scalability without changing switches that enables network operators to replicate local controllers on demand and relieve the load on the top layer, which is the only potential bottleneck in terms of scalability.
Proceedings Article

Lightweight DDoS flooding attack detection using NOX/OpenFlow

TL;DR: This work presents a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches.