TY - GEN
T1 - Detecting distributed cyber attacks in SDN based on automatic thresholding
AU - Komiya, Ryousuke
AU - Feng, Yaokai
AU - Sakurai, Kouichi
N1 - Funding Information:
This work was partially supported by JSPS KAKENHI Grant Numbers JP17K00187 and JP18K11295. This work is also partially supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST)
PY - 2018/12/26
Y1 - 2018/12/26
N2 - Distributed Cyber Attack launched from many hosts simultaneously has become one of the most sophisticated and the most dangerous attacks in the cyber world including the traditional Internet and the SDN (Software Defined Networking) environments. As a kind of centralized network environment, the SDN has been greatly developed and popularized in recent years, especially in cloud systems. Thus, how to efficiently detect distributed attacks in SDN environments has attracted great attentions in academia and industry and various researches have been done to counter such attacks. The latest related researches made attempts to exploit the information of the PacketIn packets collected in the SDN controller and those methods proved efficient for detecting distributed cyber attacks in SDN environments. However, such methods adopted a threshold for distinguishing between attacks and normal situations. The threshold must be properly determined manually in advance, which is not easy in many applications even for experts. In this study, we try to automatically extract a proper threshold from the historical data of the monitored SDN environment so that the difficult parameter-tuning (determination of the threshold) process can be removed. In addition, because the extracted threshold can well reflect the actual situations of the monitored environment, a better detection performance than the existing approaches can be expected. The detection performance of our proposal is also tested using real traffic data.
AB - Distributed Cyber Attack launched from many hosts simultaneously has become one of the most sophisticated and the most dangerous attacks in the cyber world including the traditional Internet and the SDN (Software Defined Networking) environments. As a kind of centralized network environment, the SDN has been greatly developed and popularized in recent years, especially in cloud systems. Thus, how to efficiently detect distributed attacks in SDN environments has attracted great attentions in academia and industry and various researches have been done to counter such attacks. The latest related researches made attempts to exploit the information of the PacketIn packets collected in the SDN controller and those methods proved efficient for detecting distributed cyber attacks in SDN environments. However, such methods adopted a threshold for distinguishing between attacks and normal situations. The threshold must be properly determined manually in advance, which is not easy in many applications even for experts. In this study, we try to automatically extract a proper threshold from the historical data of the monitored SDN environment so that the difficult parameter-tuning (determination of the threshold) process can be removed. In addition, because the extracted threshold can well reflect the actual situations of the monitored environment, a better detection performance than the existing approaches can be expected. The detection performance of our proposal is also tested using real traffic data.
UR - http://www.scopus.com/inward/record.url?scp=85061440107&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061440107&partnerID=8YFLogxK
U2 - 10.1109/CANDARW.2018.00083
DO - 10.1109/CANDARW.2018.00083
M3 - Conference contribution
AN - SCOPUS:85061440107
T3 - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
SP - 417
EP - 423
BT - Proceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
Y2 - 27 November 2018 through 30 November 2018
ER -