Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN

doi:10.12068/j.issn.1005-3026.2020.09.001

Journal of Northeastern University Natural Science ›› 2020, Vol. 41 ›› Issue (9): 1217-1222.DOI: 10.12068/j.issn.1005-3026.2020.09.001

• Information & Control • Next Articles

Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN

ZENG Rong-fei¹， GAO Yuan²， WANG Xing-wei²， ZHANG Bang²

1.School of Software， Northeastern University， Shenyang 110169， China; 2.School of Computer Science & Engineering， Northeastern University， Shenyang 110169， China.

Received:2019-09-30 Revised:2019-09-30 Online:2020-09-15 Published:2020-09-15
Contact: WANG Xing-wei
About author:-
Supported by:
-

Abstract

Abstract: In order to defend against the DDoS attacks for SDN(software-defined networking) controller， this paper proposed an efficient joint detection and defense mechanism. The joint detection part adopted the combination of improved self-organizing mapping algorithm and multidimensional conditional entropy algorithm. By combining the two methods， the purpose of joint detection was achieved. The joint defense part includes a conventional defense module and a fast defense module， which adopts different defense strategies for different detection results by adjusting the priority. Extensive experimental results showed that the joint detection mechanism can achieve a detection rate of 95.2%， and the response time of the joint defense mechanism to the controller can be reduced by 0.11s on average， compared with the single defense mechanism.

Key words: software-defined networking, distributed denial of service attack, improved self-organizing mapping algorithm, multidimensional conditional entropy algorithm, priority

CLC Number:

TP393.08

ZENG Rong-fei， GAO Yuan， WANG Xing-wei， ZHANG Bang. Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN[J]. Journal of Northeastern University Natural Science, 2020, 41(9): 1217-1222.

References

[1]Erel M，Teoman E，zevik Y，et al.Scalability analysis and flow admission control in mininet-based SDN environment［C］//Proceedings of the IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN).San Francisco，CA，2015:18-19.
[2]Jain S，Kumar A，Mandal S，et al.B4:experience with a globally-deployed software defined WAN［C］//Proceedings of the ACM SIGCOMM Computer Communication Review.Hong Kong，2013:3-14.
[3]Luo T，Tan H P，Quek T Q S.Sensor OpenFlow:enabling software-defined wireless sensor networks［J］.IEEE Communications Letters，2012，16(11):1896-1899.
[4]Natarajan S，Ramaiah A，Mathen M.A software defined cloud-gateway automation system using OpenFlow［C］//Proceedings of the 2013 IEEE the 2nd International Conference on Cloud Networking (CloudNet).San Francisco，CA，2013:219-226.
[5]Gao L L，Zheng L，Qiu Z L，et al.Research on model of five-level scheduling based on SDN［C］//Proceedings of the International Conference on Computer，Information and Telecommunication Systems (CITS).Colmar，France，2018:1-5.
[6]Mousavi S M，St-Hilaire M.Early detection of DDoS attacks against SDN controllers［C］//Proceedings of the 2015 International Conference on Computing，Networking and Communications (ICNC).Anaheim，CA，2015:77-81.
[7]Li M，Dongliang W.Anormaly intrusion detection based on SOM［C］//Proceedings of the 2009 WASE International Conference on Information Engineering.Taiyuan，2009:40-43.
[8]Jiang D，Yang Y，Xia M.Research on intrusion detection based on an improved SOM neural network［C］//Proceedings of the 2009 Fifth International Conference on Information Assurance and Security.Xi’an，2009:400-403.
[9]Vokorokos L，Balaz A，Chovanec M.Intrusion detection system using self organizing map［J］.Acta Electrotechnica et Informatica，2006，6(1):1-6.
[10]Huang H，Xu H，Wang X，et al.Maximum F1-score discriminative training criterion for automatic mispronunciation detection［J］.IEEE/ZACM Transactions on Audio，Speech，and Language Processing，2015，23(4):787-797.
[11]Borgnat P，Dewaele G，Fukuda K，et al.Seven years and one day:sketching the evolution of Internet traffic［C］//International Conference on Computer Communications.Rio de Janeiro，2009:711-719.
[15]关守平，房少纯.一种新型的区间-粒子群优化算法［J］.东北大学学报(自然科学版)，2012，33(10):1381-1384.(Guan Shou-ping，Fang Shao-chun.A new interval particle swarm optimization algorithm［J］.Journal of Northeastern University(Natural Science)，2012，33(10):1381-1384.)

Efficient Joint Detection and Defense Mechanism for DDoS Attack in SDN

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	JIANG Yan-ping， SONG Xin-chao， SHAO Xin-ran. Matching Model for Private Idle Parking Spaces and Demanders Between Dual-Role Agents [J]. Journal of Northeastern University(Natural Science), 2022, 43(4): 591-599.
[2]	LIN Yongjie， YANG Xianfeng， ZOU Nan， JIA Lei. New Passive Transit Signal Priority Control Strategy for the Bus Vehicles at Urban Arteries [J]. Journal of Northeastern University, 2013, 34(9): 1227-1231.