A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows

Ping Dong, Xiaojiang Du, Hongke Zhang, Tong Xu

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-review

117 Scopus citations

Abstract

A Distributed Denial of Service (DDoS) attack against controllers is one of the key security threats to Software-Defined Networking (SDN). The breakdown of a controller may disrupt a whole SDN network. In a novel form of this attack, the attackers generate vast numbers of new low-traffic flows to trigger malicious flooding requests that overload the controllers. It is difficult to prevent this attack, as the attackers may connect to any interface of any switch in an SDN network. In this paper, we propose an effective detection method, which is designed to detect the DDoS attack and to further locate the compromised interfaces to which the malicious attackers have connected. We first classify the flow events associated with an interface, then make a decision using the Sequential Probability Ratio Test (SPRT), which has bounded false negative and false positive error rates. In addition, we evaluate the performance of the proposed method using the DARPA Intrusion Detection Data Sets. We also discuss and compare our method to three other detection methods, which are based on the percentage, count, and entropy of the flows, respectively, and demonstrate the superiority of our method in terms of promptness, versatility and accuracy.

Original language: English
Title of host publication: 2016 IEEE International Conference on Communications, ICC 2016
ISBN (Electronic): 9781479966646
State: Published - 12 Jul 2016
Event: 2016 IEEE International Conference on Communications, ICC 2016 - Kuala Lumpur, Malaysia
Duration: 22 May 2016 to 27 May 2016

Publication series

Name: 2016 IEEE International Conference on Communications, ICC 2016

Conference

Conference: 2016 IEEE International Conference on Communications, ICC 2016
Country/Territory: Malaysia
City: Kuala Lumpur
Period: 22/05/16 to 27/05/16

Keywords

  • DDoS
  • SDN
  • controller
  • detection
