Early detection of DDoS attacks against SDN controllers

A Software Defined Network (SDN) is a new network architecture that provides central control over the network. Although central control is the major advantage of SDN, it is also a single point of failure if the controller is made unreachable by a Distributed Denial of Service (DDoS) attack. To mitigate this threat, this paper proposes to use the central control of SDN itself for attack detection and introduces a solution that is effective and lightweight in terms of the resources it uses. More precisely, this paper shows how DDoS attacks can exhaust controller resources and provides a solution to detect such attacks based on the entropy variation of the destination IP address. This method is able to detect DDoS within the first five hundred packets of the attack traffic.
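As an added illustration of the destination-IP entropy method described above (this is example code, not the paper's implementation), the following computes Shannon entropy over fixed-size windows of packet_in destination addresses and raises an alert when entropy stays low for several consecutive windows. The window size, threshold, streak length, host range and victim address are assumptions chosen for the demo; the abstract does not give the paper's values.

```python
import math
import random
from collections import Counter

# Parameters are assumptions for this illustration; the paper's exact
# window size and threshold are not stated in the abstract.
WINDOW = 50        # packets per entropy window
THRESHOLD = 1.0    # bits; traffic spread over many hosts sits well above this
CONSECUTIVE = 5    # low-entropy windows in a row before raising an alert

def entropy(dst_ips):
    """Shannon entropy (bits) of the destination-IP distribution in a window."""
    n = len(dst_ips)
    return -sum((c / n) * math.log2(c / n) for c in Counter(dst_ips).values())

def detect(dst_ips, window=WINDOW, threshold=THRESHOLD, consecutive=CONSECUTIVE):
    """Scan destination IPs (as a controller would see them in packet_in
    events) in fixed windows; return the packet index at which the alert
    fires, or None if entropy never stays low for `consecutive` windows."""
    low_windows = 0
    for start in range(0, len(dst_ips) - window + 1, window):
        if entropy(dst_ips[start:start + window]) < threshold:
            low_windows += 1
            if low_windows >= consecutive:
                return start + window
        else:
            low_windows = 0           # one normal window resets the streak
    return None

# Constructed traffic: 50 hosts in 10.0.0.0/24 receive a spread of normal
# traffic; the attack sends 9 of every 10 packets to a single victim host.
HOSTS = [f"10.0.0.{i}" for i in range(1, 51)]
VICTIM = "10.0.0.7"   # constructed sample value

def normal_traffic(n, seed=1):
    rng = random.Random(seed)
    return [rng.choice(HOSTS) for _ in range(n)]

def attack_traffic(n, seed=2):
    rng = random.Random(seed)
    return [VICTIM if i % 10 else rng.choice(HOSTS) for i in range(n)]

def packets_to_detect(normal_n=500, attack_n=500):
    """Return how many attack packets arrive before the alert (None if missed)."""
    trace = normal_traffic(normal_n) + attack_traffic(attack_n)
    alert_at = detect(trace)
    return None if alert_at is None else alert_at - normal_n

if __name__ == "__main__":
    print("alert raised after", packets_to_detect(), "attack packets")
```

With these parameters the alert fires after 250 attack packets, inside the five-hundred-packet bound the abstract reports; a real controller would feed the window from live packet_in events rather than a pre-built list.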
