A. Sangodoyin, B. Modu, I. Awan, Jules Pagna Disso
2018 IEEE 6th International Conference on Future Internet of Things and Cloud (FiCloud), 2018-08-01. DOI: 10.1109/FiCloud.2018.00069 (https://doi.org/10.1109/FiCloud.2018.00069)
An Approach to Detecting Distributed Denial of Service Attacks in Software Defined Networks
Distributed Denial of Service (DDoS) flooding attacks continue to be one of the major security concerns as attack volumes are increasing year on year. Many works have shown Slowloris, ACK and SYN flooding attacks to be notorious amongst several other forms of DDoS attacks. This is mainly due to the similarity between attack and legitimate traffic, the weaknesses in protocols being exploited, and the anomaly detection mechanisms deployed. The conventional approach to detection demands a paradigm shift, and the emerging Software Defined Networks (SDN) introduce new opportunities to detect and mitigate attacks based on their central management system. In this work, we assess the severity of TCP-ACK, SYN and Slowloris attacks on the server at the data plane layer. We evaluate the detection of DDoS attacks by simulating with Mininet. Our detection mechanism relies on deviation from the confidence interval obtained from the normal distribution of throughput polled from the server without attack. Our emulation results show that, using a window size of one minute, flooding attacks can be detected with an accuracy of 99%.