DDoS Attacks Detection in Multi-Controller Based Software Defined Network
Authors: Parisa Valizadeh, Ahmad Taghinezhad-Niar
Venue: 2022 8th International Conference on Web Research (ICWR)
Publication date: 2022-05-11
DOI: https://doi.org/10.1109/ICWR54782.2022.9786246
With the rapid growth of computer devices, network communication faces challenges ranging from network management to traffic engineering. Software-Defined Networking (SDN) is a well-known solution for optimizing these communications. SDN is a new networking architecture that simplifies network management by separating the control plane from the data plane. The central controller is the major advantage of SDN; however, it has security vulnerabilities, such as becoming unreachable during Distributed Denial-of-Service (DDoS) attacks. Consequently, it is very important to protect SDN from DDoS attacks. In this paper, we proposed an algorithm for detecting DDoS attacks and reducing their impact in an SDN architecture with multiple distributed controllers. We presented two methods for early detection of DDoS: 1) the entropy of destination IP addresses and 2) the packet window initiation rate. We used Mininet and Floodlight to simulate our algorithm in different scenarios. The results show that our algorithm outperforms other works in various network configurations and multi-victim attacks.