OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks

In this paper, we propose an optimized protection mechanism (OpenFlowSIA) for Software-Defined Networks from flooding attacks (Distributed Denial-of-Service) based on Support Vector Machine and our proposed algorithm called the Idle-timeout Adjustment (IA). Our methodology not only utilizes SVM advantages in classification such as high accuracy and little processing time, but also applies effectively the IA algorithm and coherent policies to protect network from resource exhaustion caused by flooding attacks, particularly for the SDN controller and OpenFlow switches. Through comprehensive experiments, the OpenFlowSIA scheme illustrates that it can be an innovative solution to secure and save the network resources under flooding attacks in the Software-Defined Networks.

[1]  Lei Xu,et al.  FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[2]  Vinod Yegneswaran,et al.  AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks , 2013, CCS.

[3]  S. Thamarai Selvi,et al.  DDoS detection and analysis in SDN-based environment using support vector machine classifier , 2014, 2014 Sixth International Conference on Advanced Computing (ICoAC).

[4]  Thierry Turletti,et al.  A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks , 2014, IEEE Communications Surveys & Tutorials.

[5]  Alan Marshall,et al.  A multi-criteria-based DDoS-attack prevention solution using software defined networking , 2015, 2015 International Conference on Advanced Technologies for Communications (ATC).

[6]  John Pescatore DDoS Attacks Advancing and Enduring : A SANS Survey , 2015 .

[7]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[8]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[9]  Nello Cristianini,et al.  An Introduction to Support Vector Machines and Other Kernel-based Learning Methods , 2000 .

[10]  Stephen P. Boyd,et al.  Convex Optimization , 2004, Algorithms and Theory of Computation Handbook.

[11]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.