ADVICE: Towards adaptive scheduling for data collection and DDoS detection in SDN

Abstract Distributed Denial of Service (DDoS) is one of the most rampant attacks which threaten network security. To overcome DDoS in Software-Defined Networking (SDN), many DDoS detection methods have been presented, among which periodic detection approaches with a specific interval are widely utilized. However, periodic data collection and DDoS detection may result in high network load occupancy between SDN controller and switches, high overhead of SDN controller, and long response time to DDoS attacks. Hence, in order to address those issues above, an ADaptiVe schedulIng for data Collection and DDoS dEtection (ADVICE) mechanism is proposed in this work, to flexibly adjust the data collection and detection interval and decrease the workload of the SDN controller. Instead of detects all flow entries at one period, ADVICE collects the flow statistic information with dynamic intervals and finely-grained initiate DDoS detection for each flow entry. Based on the survival time and credence degree of each flow entry, ADVICE can reduce the network load occupancy and assure the rapid detection of DDoS. Experimental results indicate that ADVICE can effectively minimize the controller's workload and optimize the usage of the limited switch-controller connection bandwidth, shorten the response time of DDoS attacks compared with state-of-the-art methods, and thus protect the network from various DDoS attacks.

[1]  Raj Jain,et al.  A Survey on Distributed Denial of Service (DDoS) Attacks in SDN and Cloud Computing Environments , 2019, IEEE Access.

[2]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[3]  Nick Feamster,et al.  The road to SDN: an intellectual history of programmable networks , 2014, CCRV.

[4]  Jian Zhu,et al.  SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks , 2016, J. Netw. Comput. Appl..

[5]  David Erickson,et al.  The beacon openflow controller , 2013, HotSDN '13.

[6]  Georgios Kambourakis,et al.  Lightweight algorithm for protecting SDN controller against DDoS attacks , 2017, 2017 10th IFIP Wireless and Mobile Networking Conference (WMNC).

[7]  Javier Carmona-Murillo,et al.  Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach , 2020, Sensors.

[8]  Jagdeep Singh,et al.  Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions , 2020, Comput. Sci. Rev..

[9]  Yonggang Wen,et al.  “ A Survey of Software Defined Networking , 2020 .

[10]  Jie Wu,et al.  Optimal Filter Assignment Policy Against Distributed Denial-of-Service Attack , 2020 .

[11]  Majd Latah,et al.  A novel intelligent approach for detecting DoS flooding attacks in software-defined networks , 2018 .

[12]  David K. Y. Yau,et al.  Realtime DDoS Defense Using COTS SDN Switches via Adaptive Correlation Analysis , 2018, IEEE Transactions on Information Forensics and Security.

[13]  Gaurav Singal,et al.  DDOS Attack Detection & Prevention in SDN using OpenFlow Statistics , 2019, 2019 IEEE 9th International Conference on Advanced Computing (IACC).

[14]  Jin Ye,et al.  A DDoS Attack Detection Method Based on SVM in Software Defined Network , 2018, Secur. Commun. Networks.

[15]  B. B. Gupta,et al.  Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment , 2017, Neural Computing and Applications.

[16]  Guo-Chih Hong,et al.  Dynamic Threshold for DDoS Mitigation in SDN Environment , 2019, 2019 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA ASC).

[17]  Farsad Zamani Boroujeni,et al.  The DDoS attacks detection through machine learning and statistical methods in SDN , 2020, The Journal of Supercomputing.

[18]  Truong Thu Huong,et al.  Self-organizing map-based approaches in DDoS flooding detection using SDN , 2018, 2018 International Conference on Information Networking (ICOIN).

[19]  Ali Kashif Bashir,et al.  Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN , 2020, Future Gener. Comput. Syst..

[20]  Kensuke Fukuda,et al.  Seven Years and One Day: Sketching the Evolution of Internet Traffic , 2009, IEEE INFOCOM 2009.

[21]  Jisa David,et al.  Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic , 2019, Comput. Secur..

[22]  Danilo Souza Silva,et al.  Machine learning algorithms to detect DDoS attacks in SDN , 2019, Concurr. Comput. Pract. Exp..

[23]  Mudar Sarem,et al.  DDoS Attack Detection Method Based on Improved KNN With the Degree of DDoS Attack in Software-Defined Networks , 2020, IEEE Access.

[24]  Van-Hau Pham,et al.  A role-based statistical mechanism for DDoS attack detection in SDN , 2018, 2018 5th NAFOSTED Conference on Information and Computer Science (NICS).

[25]  Chuan Heng Foh,et al.  Defending against Packet-In messages flooding attack under SDN context , 2018, Soft Comput..