TY - GEN
T1 - Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow
AU - You, Xiang
AU - Feng, Yaokai
AU - Sakurai, Kouichi
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/7/2
Y1 - 2017/7/2
N2 - Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.
AB - Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.
UR - http://www.scopus.com/inward/record.url?scp=85050362132&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050362132&partnerID=8YFLogxK
U2 - 10.1109/CANDAR.2017.93
DO - 10.1109/CANDAR.2017.93
M3 - Conference contribution
AN - SCOPUS:85050362132
T3 - Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
SP - 522
EP - 528
BT - Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 5th International Symposium on Computing and Networking, CANDAR 2017
Y2 - 19 November 2017 through 22 November 2017
ER -