An Effective DDoS Defense Scheme for SDN

Title: An Effective DDoS Defense Scheme for SDN
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Huang, X., Du, X., Song, B.
Conference Name: 2017 IEEE International Conference on Communications (ICC)
Date Published: May 2017
Publisher: IEEE
ISBN Number: 978-1-4673-8999-0
Keywords: Computer crime, computer network security, DDoS Attacks, distributed denial-of-service attacks, Entropy, honey pots, human factors, internetworking, IP networks, Logic gates, openflow switch, prediction value, pubcrawl, resilience, Resiliency, Scalability, SDN controller, security gateway, software defined network controller, software defined networking, Switches, Taylor series
Abstract

In this paper, we propose a scheme to protect the Software Defined Network (SDN) controller from Distributed Denial-of-Service (DDoS) attacks. We first predict the amount of new requests for each OpenFlow switch periodically based on Taylor series, and the requests will then be directed to the security gateway if the prediction value is beyond the threshold. The requests that caused the dramatic decrease of entropy will be filtered out and rules will be made in the security gateway by our algorithm; the rules of these requests will be sent to the controller. The controller will send the rules to each switch to make them direct the flows matching the rules to the honey pot. The simulation shows the averages of both false positive and false negative are less than 2%.

URL: https://ieeexplore.ieee.org/document/7997187
DOI: 10.1109/ICC.2017.7997187
Citation Key: huang_effective_2017