| Title | Distributed Denial of Service Defense in Software Defined Network Using OpenFlow |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Zhai, P., Song, Y., Zhu, X., Cao, L., Zhang, J., Yang, C. |
| Conference Name | 2020 IEEE/CIC International Conference on Communications in China (ICCC) |
| Keywords | application plane, centralized control, composability, Computer crime, computer network security, control plane, data plane, DDoS, DDoS Attacks, denial-of-service attack, distributed denial of service attacks, Distributed Denial of Service defense, dynamic networks, dynamic threshold, Entropy, exponentially weighted moving average algorithm, Heuristic algorithms, IP networks, Metrics, moving average processes, network architecture solution, network security threats, OpenFlow, OpenFlow protocol, Protocols, pubcrawl, Renyi entropy, resilience, Resiliency, SDN, security, Software Defined Network, software defined networking, telecommunication traffic, traditional network system |
| Abstract | Software Defined Network (SDN) is a new type of network architecture solution, and its innovation lies in decoupling traditional network system into a control plane, a data plane, and an application plane. It logically implements centralized control and management of the network, and SDN is considered to represent the development trend of the network in the future. However, SDN still faces many security challenges. Currently, the number of insecure devices is huge. Distributed Denial of Service (DDoS) attacks are one of the major network security threats.This paper focuses on the detection and mitigation of DDoS attacks in SDN. Firstly, we explore a solution to detect DDoS using Renyi entropy, and we use exponentially weighted moving average algorithm to set a dynamic threshold to adapt to changes of the network. Second, to mitigate this threat, we analyze the historical behavior of each source IP address and score it to determine the malicious source IP address, and use OpenFlow protocol to block attack source.The experimental results show that the scheme studied in this paper can effectively detect and mitigate DDoS attacks. |
| DOI | 10.1109/ICCC49849.2020.9238872 |
| Citation Key | zhai_distributed_2020 |
Distributed Denial of Service Defense in Software Defined Network Using OpenFlow