
TDDAD: Time-Based Detection and Defense Scheme Against DDoS Attack on SDN Controller

Conference paper, Information Security and Privacy (ACISP 2018). Part of the book series Lecture Notes in Computer Science (LNSC, volume 10946).

Abstract

Software defined networking (SDN) is a key part of next-generation networks. Its central controller enables high programmability and flexibility. However, SDN can be easily disrupted by a new DDoS attack that triggers enormous numbers of Packet_IN messages. Since existing solutions detect the attack by checking the current network state against content features, they can be misled. In this paper, we propose a detection and defense scheme against this DDoS attack based on a time feature. Specifically, the time feature is the hit rate gradient of the flow table. We first extract the temporal behavior of an attack. A back propagation neural network is trained to extract an attack pattern and is then used to recognize an attack. Then either a defense or a recovery action is taken. We test our scheme with the DARPA 1999 intrusion detection data set and compare it with another method that uses the sequential probability ratio test (SPRT). The experiment and evaluation show that our scheme enables real-time detection, effective defense and quick recovery from DDoS attacks.
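The hit rate gradient time feature the abstract describes, as an added Python illustration that is not the paper's code: it assumes the controller polls the cumulative OpenFlow table counters lookup_count and matched_count at a fixed interval, replaces the paper's back propagation neural network with a simple sustained negative gradient rule, and uses constructed polling traces and thresholds.

```python
"""Flow-table hit-rate gradient as a time feature for Packet_IN flood detection.
Added illustration, not the paper's code. Assumes the controller polls the
cumulative OpenFlow table counters lookup_count / matched_count at a fixed
interval; the paper's BP neural network is replaced here by a sustained
negative gradient rule with constructed thresholds."""
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class TableStats:
    t: float       # poll time in seconds
    lookups: int   # cumulative packets looked up in the flow table
    matches: int   # cumulative packets that matched an existing flow entry

def interval_hit_rates(samples: List[TableStats]) -> List[float]:
    """Hit rate = matches / lookups within each polling interval. Every table
    miss becomes a Packet_IN to the controller, so a falling hit rate means a
    growing share of the traffic is new, unmatched flows."""
    rates = []
    for prev, cur in zip(samples, samples[1:]):
        dl, dm = cur.lookups - prev.lookups, cur.matches - prev.matches
        rates.append(dm / dl if dl > 0 else 1.0)  # idle interval: no misses
    return rates

def hit_rate_gradient(samples: List[TableStats]) -> List[float]:
    """Finite-difference gradient (per second) between consecutive intervals."""
    rates = interval_hit_rates(samples)
    grads = []
    for i in range(1, len(rates)):
        dt = (samples[i + 1].t - samples[i - 1].t) / 2  # interval midpoints
        grads.append((rates[i] - rates[i - 1]) / dt)
    return grads

def detect_flood(samples: List[TableStats], slope: float = -0.10,
                 consecutive: int = 2) -> Optional[int]:
    """Index of the first sample at which the hit rate has fallen faster than
    `slope` per second for `consecutive` gradient points; None if benign."""
    run = 0
    for i, g in enumerate(hit_rate_gradient(samples)):
        run = run + 1 if g < slope else 0
        if run >= consecutive:
            return i + 2  # gradient i ends at sample i + 2
    return None

# Constructed 1 s polling traces: steady 95 % hit rate, then a burst of new flows.
ATTACK_TRACE = [TableStats(0, 0, 0), TableStats(1, 1000, 950), TableStats(2, 2000, 1900),
                TableStats(3, 3000, 2850), TableStats(4, 4500, 3750),
                TableStats(5, 7000, 4250), TableStats(6, 10000, 4400)]
BENIGN_TRACE = [TableStats(i, 1000 * i, 950 * i) for i in range(7)]  # never flagged
```

A content-based check that only looks at the current rate of Packet_IN messages cannot tell a sustained drop from a momentary burst; the gradient over consecutive intervals is what carries the temporal behavior.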



Acknowledgments

The work was supported by the National Natural Science Foundation of China (No. 61572001, No. 61502008, No. 61702005), the Natural Science Foundation of Anhui Province (No. 1508085QF132, No. 1708085QF136), and the Excellent Talent Project of Anhui University. The authors are very grateful to the anonymous referees for their detailed comments and suggestions regarding this paper.

Corresponding author

Correspondence to Hong Zhong.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Cui, J., He, J., Xu, Y., Zhong, H. (2018). TDDAD: Time-Based Detection and Defense Scheme Against DDoS Attack on SDN Controller. In: Susilo, W., Yang, G. (eds) Information Security and Privacy. ACISP 2018. Lecture Notes in Computer Science, vol 10946. Springer, Cham. https://doi.org/10.1007/978-3-319-93638-3_37

  • DOI: https://doi.org/10.1007/978-3-319-93638-3_37

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-93637-6

  • Online ISBN: 978-3-319-93638-3