TY - GEN
T1 - Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding
AU - Wang, Tao
AU - Feng, Yaokai
AU - Sakurai, Kouichi
N1 - Funding Information:
ACKNOWLEDGEMENT This work was partially supported by JSPS KAKENHI Grant Number JP18K11295 and by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST).
Publisher Copyright:
© 2021 IEEE.
PY - 2021/1/4
Y1 - 2021/1/4
N2 - In recent years, the DDoS (Distributed Denial of Service) attack continues to be one of the most dangerous threats even in the SDN (Software Defined Networking) environment. Many approaches have been proposed to deal with the DDoS attacks in the SDN environment. Among those approaches, the two-step detection, in which a trigger mechanism is added before the detection algorithm is called, is gaining more and more attention. In other words, it is the trigger, not the resource-consuming detection algorithm, that constantly monitors network traffic. Thus, the detection algorithm is only called when it is triggered. However, in the existing two-step methods, the trigger uses a static threshold to determine whether or not to start the detection process. In practice, it is difficult to determine an appropriate threshold, and the threshold has a decisive effect on the frequency of the detection process being called and ultimately, it impacts detection performance. In this paper, we propose a self-feedback dynamic thresholding system in which the threshold used in the trigger is dynamically adjusted based on the previous results of trigger and detection. Experimental results and our discussion show that our proposal significantly reduces the number of calls to the resource-consuming detection algorithm with no sacrifice of detection result.
AB - In recent years, the DDoS (Distributed Denial of Service) attack continues to be one of the most dangerous threats even in the SDN (Software Defined Networking) environment. Many approaches have been proposed to deal with the DDoS attacks in the SDN environment. Among those approaches, the two-step detection, in which a trigger mechanism is added before the detection algorithm is called, is gaining more and more attention. In other words, it is the trigger, not the resource-consuming detection algorithm, that constantly monitors network traffic. Thus, the detection algorithm is only called when it is triggered. However, in the existing two-step methods, the trigger uses a static threshold to determine whether or not to start the detection process. In practice, it is difficult to determine an appropriate threshold, and the threshold has a decisive effect on the frequency of the detection process being called and ultimately, it impacts detection performance. In this paper, we propose a self-feedback dynamic thresholding system in which the threshold used in the trigger is dynamically adjusted based on the previous results of trigger and detection. Experimental results and our discussion show that our proposal significantly reduces the number of calls to the resource-consuming detection algorithm with no sacrifice of detection result.
UR - http://www.scopus.com/inward/record.url?scp=85103740567&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85103740567&partnerID=8YFLogxK
U2 - 10.1109/IMCOM51814.2021.9377395
DO - 10.1109/IMCOM51814.2021.9377395
M3 - Conference contribution
AN - SCOPUS:85103740567
T3 - Proceedings of the 2021 15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021
BT - Proceedings of the 2021 15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021
A2 - Lee, Sukhan
A2 - Choo, Hyunseung
A2 - Ismail, Roslan
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021
Y2 - 4 January 2021 through 6 January 2021
ER -