基于软件定义网络的多标准ddos攻击防御方案

2015 International Conference on Advanced Technologies for Communications (ATC) Pub Date : 2015-10-01 DOI:10.1109/ATC.2015.7388340

P. V. Trung, Truong Thu Huong, Dang Van Tuyen, D. M. Duc, Nguyen Huu Thanh, Alan Marshall

{"title":"基于软件定义网络的多标准ddos攻击防御方案","authors":"P. V. Trung, Truong Thu Huong, Dang Van Tuyen, D. M. Duc, Nguyen Huu Thanh, Alan Marshall","doi":"10.1109/ATC.2015.7388340","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled by a SDN Controller. Employing SDN offers an attractive solution for network security. However the attack prediction and Prevention, especially for Distributed Denial of Service (DDoS) attacks is a challenge in SDN environments. This paper, analyzes the characteristics of traffic flows up-streaming to a Vietnamese ISP server, during both states of normal and DDoS attack traffic. Based on the traffic analysis, an SDN-based Attack Prevention Architecture is proposed that is able to capture and analyze incoming flows on-the-fly. A multi-criteria based Prevention mechanism is then designed using both hard-decision thresholds and Fuzzy Inference System to detect DDoS attack. In response to determining the presence of attacks, the designed system is capable of dropping attacks flows, demanding from the control plane.","PeriodicalId":142783,"journal":{"name":"2015 International Conference on Advanced Technologies for Communications (ATC)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"40","resultStr":"{\"title\":\"A multi-criteria-based DDoS-attack prevention solution using software defined networking\",\"authors\":\"P. V. Trung, Truong Thu Huong, Dang Van Tuyen, D. M. Duc, Nguyen Huu Thanh, Alan Marshall\",\"doi\":\"10.1109/ATC.2015.7388340\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled by a SDN Controller. Employing SDN offers an attractive solution for network security. However the attack prediction and Prevention, especially for Distributed Denial of Service (DDoS) attacks is a challenge in SDN environments. This paper, analyzes the characteristics of traffic flows up-streaming to a Vietnamese ISP server, during both states of normal and DDoS attack traffic. Based on the traffic analysis, an SDN-based Attack Prevention Architecture is proposed that is able to capture and analyze incoming flows on-the-fly. A multi-criteria based Prevention mechanism is then designed using both hard-decision thresholds and Fuzzy Inference System to detect DDoS attack. In response to determining the presence of attacks, the designed system is capable of dropping attacks flows, demanding from the control plane.\",\"PeriodicalId\":142783,\"journal\":{\"name\":\"2015 International Conference on Advanced Technologies for Communications (ATC)\",\"volume\":\"66 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"40\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 International Conference on Advanced Technologies for Communications (ATC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ATC.2015.7388340\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Advanced Technologies for Communications (ATC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ATC.2015.7388340","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 40

摘要

软件定义网络(SDN, Software-Defined Networking)是一种很有前途的网络架构，通过SDN控制器控制网络设备。采用SDN为网络安全提供了一个有吸引力的解决方案。然而，在SDN环境下，攻击预测和防御，特别是分布式拒绝服务攻击的预测和防御是一个挑战。本文分析了越南某ISP服务器在正常状态和DDoS攻击状态下的上行流量特征。在流量分析的基础上，提出了一种基于sdn的攻击防御体系结构，能够实时捕获和分析流入流量。采用硬决策阈值和模糊推理系统设计了基于多准则的DDoS攻击检测机制。为了响应确定攻击的存在，所设计的系统能够从控制平面请求丢弃攻击流。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A multi-criteria-based DDoS-attack prevention solution using software defined networking

Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled by a SDN Controller. Employing SDN offers an attractive solution for network security. However the attack prediction and Prevention, especially for Distributed Denial of Service (DDoS) attacks is a challenge in SDN environments. This paper, analyzes the characteristics of traffic flows up-streaming to a Vietnamese ISP server, during both states of normal and DDoS attack traffic. Based on the traffic analysis, an SDN-based Attack Prevention Architecture is proposed that is able to capture and analyze incoming flows on-the-fly. A multi-criteria based Prevention mechanism is then designed using both hard-decision thresholds and Fuzzy Inference System to detect DDoS attack. In response to determining the presence of attacks, the designed system is capable of dropping attacks flows, demanding from the control plane.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2015 International Conference on Advanced Technologies for Communications (ATC)

自引率

0.00%

发文量