Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network

Because the Software Defined Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all research work focuses on high-rate DDoS attacks against the SDN control layer. Most existing detection methods are likewise effective for high-rate DDoS attacks on the control layer, whereas a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy for this kind of attack is low. To improve the detection accuracy for low-rate DDoS attacks against the SDN data layer, this paper studies the mechanism of such attacks and then proposes a multi-feature DDoS attack detection method based on the Factorization Machine (FM). Features extracted from the flow rules are used to detect low-rate DDoS attacks, and detection based on the FM machine learning algorithm is implemented. The experimental results show that the method can effectively detect low-rate DDoS attacks against the SDN data layer, with a detection accuracy of 95.80 percent. Because the FM algorithm can achieve fine-grained detection of low-rate DDoS attacks, it provides a reliable basis for defending against them. Finally, this paper proposes a defense method based on dynamic deletion of flow rules and carries out experimental simulation and analysis to demonstrate its effectiveness; the success rate of forwarding normal packets reached 97.85 percent.
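
The following sketch is an added illustration, not the paper's code: it trains a second-order Factorization Machine with SGD on logistic loss to score flow rules, then lists the rules it flags as candidates for deletion. The three features (normalized rule duration, packet rate, mean packet size), the constructed training data and the hyperparameters are assumptions, since the abstract does not name the features it uses.

```python
import math
import random
# Added illustration: feature names, data and hyperparameters are assumptions.

def fm_score(x, w0, w, V):
    """Degree-2 FM: w0 + sum_i w_i x_i + sum_{i<j} <v_i, v_j> x_i x_j, in O(k*n)."""
    linear = sum(wi * xi for wi, xi in zip(w, x))
    pair = 0.0
    for f in range(len(V[0])):
        s = sum(V[i][f] * x[i] for i in range(len(x)))
        sq = sum((V[i][f] * x[i]) ** 2 for i in range(len(x)))
        pair += 0.5 * (s * s - sq)
    return w0 + linear + pair

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def train_fm(rows, labels, k=2, lr=0.1, epochs=50, seed=7):
    """SGD on logistic loss; label 1 = attack rule, 0 = benign rule."""
    rng = random.Random(seed)
    n = len(rows[0])
    w0, w = 0.0, [0.0] * n
    V = [[rng.gauss(0, 0.01) for _ in range(k)] for _ in range(n)]
    for _ in range(epochs):
        for x, y in zip(rows, labels):
            err = sigmoid(fm_score(x, w0, w, V)) - y
            s = [sum(V[i][f] * x[i] for i in range(n)) for f in range(k)]
            w0 -= lr * err
            for i in range(n):
                w[i] -= lr * err * x[i]
                for f in range(k):
                    V[i][f] -= lr * err * x[i] * (s[f] - V[i][f] * x[i])
    return w0, w, V

def sample_rules(count, seed):
    """Constructed flow-rule features in [0,1]: duration, packet rate, mean packet size."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(count):
        if i % 2:  # constructed low-rate attack rule: long-lived, few small packets
            rows.append([rng.uniform(0.6, 1.0), rng.uniform(0.0, 0.15), rng.uniform(0.0, 0.3)])
        else:      # constructed benign rule
            rows.append([rng.uniform(0.0, 0.5), rng.uniform(0.3, 1.0), rng.uniform(0.2, 1.0)])
        labels.append(i % 2)
    return rows, labels

def flag_rules(rows, model, threshold=0.5):
    """Indices of flow rules scored as attack: candidates for deletion."""
    return [i for i, x in enumerate(rows) if sigmoid(fm_score(x, *model)) >= threshold]
```

Train with `train_fm(*sample_rules(200, seed=1))` and pass the returned model to `flag_rules`; the result on this constructed data says nothing about the accuracy figures reported in the paper.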
