论文信息 - An Entropy-Based DDoS Defense Mechanism in Software Defined Networks

An Entropy-Based DDoS Defense Mechanism in Software Defined Networks

The issue on defensing against Distributed Denial of Service (DDoS) attacks in Software Defined Networks (SDN) has been highly concerned by academe and industry. The existing studies cannot eliminate the false positives by using the simple classification algorithms. In this paper, we analyze the essential difference between DDoS attacks and flash crowds which causes some similar consequences to DDoS. Accordingly we design a novel effective Entropy-based DDoS Defense Mechanism (EDDM) running on the SDN controller, which including a two-stage DDoS detection method. Compared with the existing works, the EDDM avoids the dropping of legitimate packets and minimizes the losses of legitimate users. Simulations demonstrate that the EDDM can distinguish the DDoS attacks from flash crowds, find the locations of bots, and block attack packets at source effectively.

Xiaoning Zhang | Quan Zhou | Yajie Jiang | Zijing Cheng

[1] Alvaro García de la Villa. Distributed Denial of Service Attacks defenses and OpenFlow: Implementing denial-of-service defense mechanisms with software defined networking , 2014 .

[2] Alan Marshall,et al. A multi-criteria-based DDoS-attack prevention solution using software defined networking , 2015, 2015 International Conference on Advanced Technologies for Communications (ATC).

[3] Martin Vizváry. Mitigation of DDoS Attacks in Software Defined Networks , 2015 .

[4] Marc St-Hilaire,et al. Early detection of DDoS attacks against SDN controllers , 2015, 2015 International Conference on Computing, Networking and Communications (ICNC).

[5] Zhou Huachun Chen Jia Zhang Hongke Wang Mingxin. An entropy based anomaly traffic detection approach in SDN , 2015 .

[6] Kornchawal Chaipah,et al. A Security Analysis of a Hybrid Mechanism to Defend DDoS Attacks in SDN , 2016 .

[7] H. Kim,et al. A SDN-oriented DDoS blocking scheme for botnet-based attacks , 2014, 2014 Sixth International Conference on Ubiquitous and Future Networks (ICUFN).

[8] Rodrigo Braga,et al. Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[9] Xiaojiang Du,et al. A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows , 2016, 2016 IEEE International Conference on Communications (ICC).