{"title":"Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding","authors":"Tao Wang, Yaokai Feng, K. Sakurai","doi":"10.1109/IMCOM51814.2021.9377395","PeriodicalId":275121,"journal":{"name":"2021 15th International Conference on Ubiquitous Information Management and Communication (IMCOM)","volume":"357 1","pages":"0"},"publicationDate":"2021-01-04","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"3","platform":"Semanticscholar","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMCOM51814.2021.9377395"}
Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding
In recent years, the DDoS (Distributed Denial of Service) attack continues to be one of the most dangerous threats even in the SDN (Software Defined Networking) environment. Many approaches have been proposed to deal with the DDoS attacks in the SDN environment. Among those approaches, the two-step detection, in which a trigger mechanism is added before the detection algorithm is called, is gaining more and more attention. In other words, it is the trigger, not the resource-consuming detection algorithm, that constantly monitors network traffic. Thus, the detection algorithm is only called when it is triggered. However, in the existing two-step methods, the trigger uses a static threshold to determine whether or not to start the detection process. In practice, it is difficult to determine an appropriate threshold, and the threshold has a decisive effect on the frequency of the detection process being called and ultimately, it impacts detection performance. In this paper, we propose a self-feedback dynamic thresholding system in which the threshold used in the trigger is dynamically adjusted based on the previous results of trigger and detection. Experimental results and our discussion show that our proposal significantly reduces the number of calls to the resource-consuming detection algorithm with no sacrifice of detection result.