Multi-SDN Based Cooperation Scheme for DDoS Attack Defense

2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC) Pub Date : 2018-10-01 DOI:10.1109/SSIC.2018.8556830

Boren He, Futai Zou, Yue Wu

{"title":"Multi-SDN Based Cooperation Scheme for DDoS Attack Defense","authors":"Boren He, Futai Zou, Yue Wu","doi":"10.1109/SSIC.2018.8556830","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service (DDoS) attack is one of the most severe threat in current internet. Software Defined Network (SDN) is novel network structure based on the idea of separation of control plane and data plane. SDN allows us to program and monitor networks, and decide how to forward a packet, so it provides a new solution to defend DDoS attack. This paper proposes a multi-SDN Based cooperation scheme to defend DDoS attack. We adopt machine learning to detect DDoS attack, and design a protocol to enable communication among controllers. This protocol can achieve two goals, one is to build and maintain an independent network among controllers of different SDN, and the other is to enable attack information exchange among controllers, so they can find attacker and mitigate DDoS attack. The experimental results show that the proposed protocol can achieve high detection accuracy, find attackers accurately and mitigate DDoS attack traffic effectively with a relatively low cost and latency.","PeriodicalId":302563,"journal":{"name":"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)","volume":"10 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SSIC.2018.8556830","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Distributed Denial of Service (DDoS) attack is one of the most severe threat in current internet. Software Defined Network (SDN) is novel network structure based on the idea of separation of control plane and data plane. SDN allows us to program and monitor networks, and decide how to forward a packet, so it provides a new solution to defend DDoS attack. This paper proposes a multi-SDN Based cooperation scheme to defend DDoS attack. We adopt machine learning to detect DDoS attack, and design a protocol to enable communication among controllers. This protocol can achieve two goals, one is to build and maintain an independent network among controllers of different SDN, and the other is to enable attack information exchange among controllers, so they can find attacker and mitigate DDoS attack. The experimental results show that the proposed protocol can achieve high detection accuracy, find attackers accurately and mitigate DDoS attack traffic effectively with a relatively low cost and latency.

查看原文本刊更多论文

基于多sdn的DDoS攻击防范协同方案

分布式拒绝服务(DDoS)攻击是当今互联网最严重的威胁之一。软件定义网络(SDN)是一种基于控制平面和数据平面分离思想的新型网络结构。SDN允许我们对网络进行编程和监控，并决定如何转发数据包，因此它为防御DDoS攻击提供了一种新的解决方案。提出了一种基于多sdn的协同防御DDoS攻击方案。我们采用机器学习来检测DDoS攻击，并设计了一个协议来实现控制器之间的通信。该协议可以实现两个目的，一是在不同SDN的控制器之间建立和维护一个独立的网络，二是使控制器之间能够交换攻击信息，从而发现攻击者，减轻DDoS攻击。实验结果表明，该协议能够实现较高的检测精度，准确发现攻击者，有效缓解DDoS攻击流量，且成本和时延相对较低。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2018 Third International Conference on Security of Smart Cities, Industrial Control System and Communications (SSIC)

自引率

0.00%

发文量