论文信息 - DDoS Attacks and Flash Event Detection Based on Flow Characteristics in SDN

DDoS Attacks and Flash Event Detection Based on Flow Characteristics in SDN

With the development of Software-Defined Networking (SDN), its security has been increasingly emphasized. Due to the centralized management and programmability of SD-N, an attacker can easily exploit its security vulnerabilities to carry out distributed denial-of-service (DDoS) attacks. Targeting at the φ-entropy improved on basis of Shan-non entropy and generalized entropy, we presents a multi-type DDoS detection and Flash Event method based on flow characteristics. To conduct the DDoS attack detection while detecting and distinguishing DDoS and Flash Events (FE) correctly, samples are classified via the multi-dimension features of the flow table in the switch, such as protocol type, the duration of flow and the φ-entropy of source / destination IP, Among them, the adjustable of φ-entropy is more conducive to discovering the attack behavior in the early stage. Experiments show that this method can effectively improve the detection rate of DDoS and reduce the false alarm rate of Flash Events, which verifies the accuracy and effectiveness of the experiments.

[1] Miroslav Popovic,et al. Use of Tsallis entropy in detection of SYN flood DoS attacks , 2015, Secur. Commun. Networks.

[2] Sunny Behal,et al. Detection of DDoS attacks and flash events using novel information theory metrics , 2017, Comput. Networks.

[3] Yiming Li,et al. Software defined networking: State of the art and research challenges , 2014, Comput. Networks.

[4] Jae-Hyun Jun,et al. DDoS Attack Detection Using Flow Entropy and Packet Sampling on Huge Networks , 2014 .

[5] Jugal K. Kalita,et al. An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection , 2015, Pattern Recognit. Lett..

[6] Syed Ali Khayam,et al. Revisiting Traffic Anomaly Detection Using Software Defined Networking , 2011, RAID.

[7] Fatih Alagoz,et al. The Controller Placement Problem in Software Defined Mobile Networks (SDMN) , 2015 .

[8] Yonghong Chen,et al. DDoS Detection Method Based on Chaos Analysis of Network Traffic Entropy , 2014, IEEE Communications Letters.

[9] I. Jolliffe. Principal Component Analysis , 2002 .

[10] Fatih Alagöz,et al. SDNScore: A statistical defense mechanism against DDoS attacks in SDN environment , 2017, 2017 IEEE Symposium on Computers and Communications (ISCC).