Abstract:Distributed denial-of-service (DDoS) attacks, which are becoming increasingly serious, have become one of the biggest threats to network security. Traditional defense mechanisms such as instruction detection, traffic filtering and multiple authentication are limited to static networks, which leads to obvious drawbacks. Software-defined networking (SDN) is a typical dynamic network that provides defenses against DDoS. The existing SDN-based DDoS protection solutions are still in development with many problems that need improvement. A DDoS detection scheme combined with trigger detection and in-depth detection is given here to shorten the detection period with low system overhead. A low-overhead, coarse-grained trigger detection algorithm is integrated with a precise, fine-grained, in-depth detection algorithm to reduce system complexity while ensuring high detection accuracy. An SDN DDoS detection system has been implemented on the Mininet platform to test and evaluate the system. The test show that the detection system has low system overhead, high detection accuracy, and strong practical value.
宋宇波, 杨慧文, 武威, 胡爱群, 高尚. 软件定义网络DDoS联合检测系统[J]. 清华大学学报(自然科学版), 2019, 59(1): 28-35.
SONG Yubo, YANG Huiwen, WU Wei, HU Aiqun, GAO Shang. Joint DDoS detection system based on software-defined networking. Journal of Tsinghua University(Science and Technology), 2019, 59(1): 28-35.
[1] DIXIT A, HAO F, MUKHERJEE S, et al. Towards an elastic distributed SDN controller[C]//Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. Hong Kong, China:ACM, 2013:7-12. [2] GAO S, LI Z, XIAO B, et al. Security threats in the data plane of software-defined networks[J]. IEEE Network, 2018, 32(4):108-113. [3] DAO N N, PARK J, PARK M, et al. A feasible method to combat against DDoS attack in SDN network[C]//Proceedings of 2015 International Conference on Information Networking. Siem Reap, Cambodia:IEEE, 2015:309-311. [4] GIOTIS K, ARGYROPOULOS C, ANDROULIDAKIS G, et al. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments[J]. Computer Networks, 2014, 62:122-136. [5] MOUSAVI S M, ST-HILAIRE M. Early detection of DDoS attacks against SDN controllers[C]//Proceedings of 2015 International Conference on Computing, Networking and Communications. Garden Grove, USA:IEEE, 2015:77-81. [6] CONTI M, GANGWAL A, GAUR M S. A comprehensive and effective mechanism for DDoS detection in SDN[C]//Proceedings of 2017 IEEE International Conference on Wireless and Mobile Computing, Networking and Communications. Rome, Italy:IEEE, 2017:1-8. [7] WANG X L, CHEN M, XING C Y, et al. Defending DDoS attacks in software-defined networking based on legitimate source and destination IP address database[J]. IEICE Transactions on Information and Systems, 2016, 99(4):850-859. [8] BRAGA B R, MOTA M E, PASSITO P A. Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]//Proceedings of the IEEE Local Computer Network Conference. Denver, USA:IEEE, 2010:408-415. [9] 肖甫, 马俊青, 黄洵松, 等. SDN环境下基于KNN的DDoS攻击检测方法[J]. 南京邮电大学学报(自然科学版), 2015, 35(1):84-88. XIAO F, MA J Q, HUANG X S, et al. DDoS attack detection based on KNN in software defined networks[J]. Journal of Nanjing University of Posts and Telecommunications (Natural Science Edition), 2015, 35(1):84-88. (in Chinese) [10] GAO S, LI Z, YAO Y, et al. Software-defined firewall:Enabling malware traffic detection and programmable security control[C]//Proceedings of the 2018 on Asia Conference on Computer and Communications Security. Songdo, Korea:ACM, 2018:413-424. [11] 左青云, 陈鸣, 王秀磊, 等. 一种基于SDN的在线流量异常检测方法[J]. 西安电子科技大学学报(自然科学版), 2015, 42(1):155-160. ZUO Q Y, CHEN M, WANG X L, et al. Online traffic anomaly detection method for SDN[J]. Journal of Xidian University, 2015, 42(1):155-160. (in Chinese) [12] XU Y, LIU Y. DDoS attack detection under SDN context[C]//Proceedings of the IEEE INFOCOM 2016-The 35th Annual IEEE International Conference on Computer Communications. San Francisco, USA:IEEE, 2016:1-9. [13] DA SILVA A S, WICKBOLDT J A, GRANVILLE L Z, et al. ATLANTIC:A framework for anomaly traffic detection, classification, and mitigation in SDN[C]//Proceedings of the NOMS 2016-2016 IEEE/IFIP Network Operations and Management Symposium. Istanbul, Turkey:IEEE, 2016:27-35. [14] NANDA S, ZAFARI F, DECUSATIS C, et al. Predicting network attack patterns in SDN using machine learning approach[C]//Proceedings of 2016 IEEE Conference on Network Function Virtualization and Software Defined Networks. Palo Alto, USA:IEEE, 2016:167-172. [15] GAO S, PENG Z, XIAO B, et al. FloodDefender:Protecting data and control plane resources under SDN-aimed DoS attacks[C]//Proceedings of INFOCOM 2017-IEEE Computer Communications Conference. Atlanta, USA:IEEE, 2017:1-9. [16] BARKI L, SHIDLING A, METI N, et al. Detection of distributed denial of service attacks in software defined networks[C]//Proceedings of 2016 International Conference on Advances in Computing, Communications and Informatics. Jaipur, India:IEEE, 2016:2576-2581.