For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Defending DDoS Attacks in Software-Defined Networking Based on Legitimate Source and Destination IP Address Database
Xiulei WANG Ming CHEN Changyou XING Tingting ZHANG
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2016/04/01
Online ISSN: 1745-1361
Type of Manuscript: Special Section PAPER (Special Section on Information and Communication System Security)
Category: Network security
network security, DDoS attacks, software-defined networking, non-parametric CUSUM,
Full Text: PDF(1.8MB)>>
The availability is an important issue of software-defined networking (SDN). In this paper, the experiments based on a SDN testbed showed that the resource utilization of the data plane and control plane changed drastically when DDoS attacks happened. This is mainly because the DDoS attacks send a large number of fake flows to network in a short time. Based on the observation and analysis, a DDoS defense mechanism based on legitimate source and destination IP address database is proposed in this paper. Firstly, each flow is abstracted as a source-destination IP address pair and a legitimate source-destination IP address pair database (LSDIAD) is established by historical normal traffic trace. Then the proportion of new source-destination IP address pair in the traffic per unit time is cumulated by non-parametric cumulative sum (CUSUM) algorithm to detect the DDoS attacks quickly and accurately. Based on the alarm from the non-parametric CUSUM, the attack flows will be filtered and redirected to a middle box network for deep analysis via south-bound API of SDN. An on-line updating policy is adopted to keep the LSDIAD timely and accurate. This mechanism is mainly implemented in the controller and the simulation results show that this mechanism can achieve a good performance in protecting SDN from DDoS attacks.