An effective DDoS defense scheme for SDN

Xueli Huang, Xiaojiang Du, Bin Song

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

29 Scopus citations

Abstract

In this paper, we propose a scheme to protect the Software Defined Network(SDN) controller from Distributed Denial-of-Service(DDoS) attacks. We first predict the amount of new requests for each openflow switch periodically based on Taylor series, and the requests will then be directed to the security gateway if the prediction value is beyond the threshold. The requests that caused the dramatic decrease of entropy will be filtered out and rules will be made in security gateway by our algorithm; the rules of these requests will be sent to the controller. The controller will send the rules to each switch to make them direct the flows matching with the rules to the honey pot. The simulation shows the averages of both false positive and false negative are less than 2%.

Original languageEnglish
Title of host publication2017 IEEE International Conference on Communications, ICC 2017
EditorsMerouane Debbah, David Gesbert, Abdelhamid Mellouk
ISBN (Electronic)9781467389990
DOIs
StatePublished - 28 Jul 2017
Event2017 IEEE International Conference on Communications, ICC 2017 - Paris, France
Duration: 21 May 201725 May 2017

Publication series

NameIEEE International Conference on Communications
ISSN (Print)1550-3607

Conference

Conference2017 IEEE International Conference on Communications, ICC 2017
Country/TerritoryFrance
CityParis
Period21/05/1725/05/17

Fingerprint

Dive into the research topics of 'An effective DDoS defense scheme for SDN'. Together they form a unique fingerprint.

Cite this