Software-defined networks (SDNs) are innovative network frameworks that have recently received wide attention. Their programming flexibility facilitates automatic network management and control, thus mitigating existing issues in the traditional network architecture. However, SDNs face several security risks, in particular denial-of-service (DoS) attacks, the most common and serious network attacks. To address this threat, an SDN-DoS attack detection method is proposed that fuses multiple flow features to describe the catastrophic transition of the network between the normal state and the attack state. Several statistical attributes of SDN flow information are first chosen as detection features; subsequently, the cusp model is used to establish a catastrophe equilibrium surface for SDN states. After being trained, the cusp catastrophe model can be used to infer whether an SDN is under DoS attack. The experimental results demonstrate that the method can detect SDN-DoS attacks effectively and in a timely manner, not only in simple networks but also in larger enterprise networks.
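The cusp equilibrium surface mentioned in the abstract can be illustrated with the textbook form alpha + beta*x - x^3 = 0; the sketch below is an added example, not the paper's code or trained model. It assumes a hypothetical fused control value `alpha` (standing in for the combined flow features), a fixed splitting factor `beta`, and that the lower sheet represents the normal state and the upper sheet the attack state; the sweep values are constructed.

```python
import math

def equilibria(alpha, beta):
    """Real roots of the cusp equilibrium surface alpha + beta*x - x**3 = 0."""
    a, b = -beta, -alpha                       # depressed cubic x^3 + a*x + b = 0
    if 4 * a**3 + 27 * b**2 < 0:               # inside the bifurcation set: 3 roots
        m = 2 * math.sqrt(-a / 3)
        theta = math.acos(max(-1.0, min(1.0, 3 * b / (a * m))))
        return sorted(m * math.cos((theta - 2 * math.pi * k) / 3) for k in range(3))
    s = math.sqrt(max(0.0, b * b / 4 + a**3 / 27))   # outside: one root (Cardano)
    cbrt = lambda v: math.copysign(abs(v) ** (1 / 3), v)
    return [cbrt(-b / 2 + s) + cbrt(-b / 2 - s)]

def track_state(alphas, beta, x0):
    """Follow the nearest stable sheet until it vanishes (delay convention)."""
    x, path = x0, []
    for alpha in alphas:
        # An equilibrium is stable where the potential's curvature 3x^2 - beta > 0.
        stable = [r for r in equilibria(alpha, beta) if 3 * r * r - beta > 0]
        x = min(stable, key=lambda r: abs(r - x))
        path.append(x)
    return path

def jumps(alphas, path, threshold=1.0):
    """Indices where the state leaps between sheets (a catastrophe)."""
    return [(i, alphas[i]) for i in range(1, len(path))
            if abs(path[i] - path[i - 1]) > threshold]

# Constructed sweep: the fused control value rises from -3 to 3, then falls back.
UP = [-3 + 0.75 * i for i in range(9)]
SWEEP = UP + UP[-2::-1]
PATH = track_state(SWEEP, beta=3.0, x0=-2.0)

if __name__ == "__main__":
    for i, alpha in jumps(SWEEP, PATH):
        sheet = "attack" if PATH[i] > 0 else "normal"
        print(f"step {i}: alpha={alpha:+.2f} -> jump to {sheet} sheet (x={PATH[i]:+.2f})")
```

With `beta = 3` the folds lie at `alpha = ±2`, so the state jumps to the upper sheet only after `alpha` passes +2 and returns only after it drops below -2; a detector built on this surface therefore reacts to a sudden sheet change rather than to a fixed threshold on any single feature.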
This work was supported by National Natural Science Foundation of China (Grant Nos. 61402525, 61402526, 61502528), Key Scientific Research Projects of Henan Province Education Department (Grant No. 18A520004), and Henan Province Science and Technology Projects (Grant No. 182102310925). We also thank Zhong HUA for interesting and helpful discussion on the ideas presented here.
Cite this article
Guo, Y., Miao, F., Zhang, L. et al. CATH: an effective method for detecting denial-of-service attacks in software defined networks. Sci. China Inf. Sci. 62, 32106 (2019). https://doi.org/10.1007/s11432-017-9439-7
- DoS attacks
- software defined network
- flow features
- cusp model
- equilibrium surface