论文信息 - Multi-SDN Based Cooperation Scheme for DDoS Attack Defense

Multi-SDN Based Cooperation Scheme for DDoS Attack Defense

Distributed Denial of Service (DDoS) attack is one of the most severe threat in current internet. Software Defined Network (SDN) is novel network structure based on the idea of separation of control plane and data plane. SDN allows us to program and monitor networks, and decide how to forward a packet, so it provides a new solution to defend DDoS attack. This paper proposes a multi-SDN Based cooperation scheme to defend DDoS attack. We adopt machine learning to detect DDoS attack, and design a protocol to enable communication among controllers. This protocol can achieve two goals, one is to build and maintain an independent network among controllers of different SDN, and the other is to enable attack information exchange among controllers, so they can find attacker and mitigate DDoS attack. The experimental results show that the proposed protocol can achieve high detection accuracy, find attackers accurately and mitigate DDoS attack traffic effectively with a relatively low cost and latency.

[1] Sufian Hameed,et al. SDN Based Collaborative Scheme for Mitigation of DDoS Attacks , 2018, Future Internet.

[2] Nirwan Ansari,et al. IP traceback with deterministic packet marking , 2003, IEEE Communications Letters.

[3] Ruby B. Lee,et al. Machine Learning Based DDoS Attack Detection from Source Side in Cloud , 2017, 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud).

[4] Prajwal Gaikwad,et al. Passive IP Traceback: Disclosing the Locations of IP Spoofers from Path Backscatter , 2017 .

[5] David R. Karger,et al. Chord: a scalable peer-to-peer lookup protocol for internet applications , 2003, TNET.

[6] Pynbianglut Hadem,et al. SMITE: an SDN and MPLS integrated traceback mechanism , 2017, SIN.

[7] Rodrigo Braga,et al. Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[8] Anna R. Karlin,et al. Practical network support for IP traceback , 2000, SIGCOMM.

[9] Xiaolin Li,et al. Detection and defense of DDoS attack–based on deep learning in OpenFlow‐based SDN , 2018, Int. J. Commun. Syst..

[10] Bill Cheswick,et al. Tracing Anonymous Packets to Their Approximate Source , 2000, LISA.