A Detection Method for DDoS Attack against SDN Controller

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

Download Full-text

DDoS Attack Detection Method Based on Linear Prediction Model

Emerging Intelligent Computing Technology and Applications - Lecture Notes in Computer Science ◽

10.1007/978-3-642-04070-2_106 ◽

2009 ◽

pp. 1004-1013 ◽

Cited By ~ 9

Author(s):

Jieren Cheng ◽

Jianping Yin ◽

Chengkun Wu ◽

Boyun Zhang ◽

Yun Liu

Keyword(s):

Prediction Model ◽

Linear Prediction ◽

Detection Method ◽

Attack Detection ◽

Ddos Attack ◽

Ddos Attack Detection ◽

Linear Prediction Model

Download Full-text

A DDoS Attack Detection Method Based on Machine Learning

Journal of Physics Conference Series ◽

10.1088/1742-6596/1237/3/032040 ◽

2019 ◽

Vol 1237 ◽

pp. 032040

Author(s):

Jiangtao Pei ◽

Yunli Chen ◽

Wei Ji

Keyword(s):

Machine Learning ◽

Detection Method ◽

Attack Detection ◽

Ddos Attack ◽

Ddos Attack Detection

Download Full-text

Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i2.6.10065 ◽

2018 ◽

Vol 7 (2.6) ◽

pp. 46 ◽

Cited By ~ 2

Author(s):

Sanjeetha R ◽

Shikhar Srivastava ◽

Rishab Pokharna ◽

Syed Shafiq ◽

Dr Anita Kanavalli

Keyword(s):

Network Architecture ◽

Flow Rule ◽

Software Defined Network ◽

Ddos Attacks ◽

Control Plane ◽

Ddos Attack ◽

Flow Table ◽

Data Plane ◽

Ddos Detection ◽

Sdn Controller

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

Download Full-text