{"title":"Introducing a New Linear Regression Based Method for Early DDoS Attack Detection in SDN","authors":"Reza Bakhtiari Shohani, S. Mostafavi","doi":"10.1109/ICWR49608.2020.9122310","PeriodicalId":231982,"journal":{"name":"2020 6th International Conference on Web Research (ICWR)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-04-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"9","platform":"Semanticscholar","PeriodicalName":"2020 6th International Conference on Web Research (ICWR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICWR49608.2020.9122310"}
Introducing a New Linear Regression Based Method for Early DDoS Attack Detection in SDN
Software-defined networks (SDN), by separating the data plane and the control plane of the network, have drastically changed the scope of computer networks. Although this separation has accelerated and simplified management, configuration and error detection, it has also caused some new security problems. One of these problems is the vulnerability of the SDN architecture to distributed denial-of-service (DDoS) attacks on the network's controllers. One of the most recent DDoS attacks, which entropy-based methods are incapable of detecting, is to send fake packets with different sources to random addresses in a software-defined network. In this paper, given the SDN structure and traffic analysis, a statistical trapezoid model is introduced to estimate the number of table misses for each switch. Then, using the linear regression method and EWMA estimation, the threshold of table misses in specified time intervals is estimated. The evaluation results imply that, using this method, one can detect DDoS attacks at an early stage in software-defined networks, regardless of the type of DDoS attack.