Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN

被引：1

作者：

Zeng R.-F. ^{[1
]}

Gao Y. ^{[2
]}

Wang X.-W. ^{[2
]}

Zhang B. ^{[2
]}

机构：

[1] School of Software, Northeastern University, Shenyang

[2] School of Computer Science & Engineering, Northeastern University, Shenyang

来源：

Dongbei Daxue Xuebao/Journal of Northeastern University | 2020年 / 41卷 / 09期

关键词：

Distributed denial of service attack; Improved self-organizing mapping algorithm; Multidimensional conditional entropy algorithm; Priority; Software-defined networking;

D O I：

10.12068/j.issn.1005-3026.2020.09.001

中图分类号：

学科分类号：

摘要：

In order to defend against the DDoS attacks for SDN(software-defined networking) controller, this paper proposed an efficient joint detection and defense mechanism. The joint detection part adopted the combination of improved self-organizing mapping algorithm and multidimensional conditional entropy algorithm. By combining the two methods, the purpose of joint detection was achieved. The joint defense part includes a conventional defense module and a fast defense module, which adopts different defense strategies for different detection results by adjusting the priority. Extensive experimental results showed that the joint detection mechanism can achieve a detection rate of 95.2%, and the response time of the joint defense mechanism to the controller can be reduced by 0.11 s on average, compared with the single defense mechanism. © 2020, Editorial Department of Journal of Northeastern University. All right reserved.

引用

页码：1217 / 1222

页数：5

共 11 条

[1] Erel M, Teoman E, Ozcevik Y, Et al., Scalability analysis and flow admission control in mininet-based SDN environment, Proceedings of the IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), pp. 18-19, (2015)
[2] Jain S, Kumar A, Mandal S, Et al., B4: experience with a globally-deployed software defined WAN, Proceedings of the ACM SIGCOMM Computer Communication Review, pp. 3-14, (2013)
[3] Luo T, Tan H P, Quek T Q S., Sensor OpenFlow: enabling software-defined wireless sensor networks, IEEE Communications Letters, 16, 11, pp. 1896-1899, (2012)
[4] Natarajan S, Ramaiah A, Mathen M., A software defined cloud-gateway automation system using OpenFlow, Proceedings of the 2013 IEEE the 2nd International Conference on Cloud Networking (CloudNet), pp. 219-226, (2013)
[5] Gao L L, Zheng L, Qiu Z L, Et al., Research on model of five-level scheduling based on SDN, Proceedings of the International Conference on Computer, Information and Telecommunication Systems (CITS), pp. 1-5, (2018)
[6] Mousavi S M, St-Hilaire M., Early detection of DDoS attacks against SDN controllers, Proceedings of the 2015 International Conference on Computing, Networking and Communications (ICNC), pp. 77-81, (2015)
[7] Li M, Dongliang W., Anormaly intrusion detection based on SOM, Proceedings of the 2009 WASE International Conference on Information Engineering, pp. 40-43, (2009)
[8] Jiang D, Yang Y, Xia M., Research on intrusion detection based on an improved SOM neural network, Proceedings of the 2009 Fifth International Conference on Information Assurance and Security, pp. 400-403, (2009)
[9] Vokorokos L, Balaz A, Chovanec M., Intrusion detection system using self organizing map, Acta Electrotechnica et Informatica, 6, 1, pp. 1-6, (2006)
[10] Huang H, Xu H, Wang X, Et al., Maximum F1-score discriminative training criterion for automatic mispronunciation detection, IEEE/ZACM Transactions on Audio, Speech, and Language Processing, 23, 4, pp. 787-797, (2015)

← 1 2 →