Detection and Mitigation of Malicious DDoS Floods in Software Defined Networks

Q4 Engineering
Journal Article. Journal of Electrical and Electronics Engineering. Published 2023-06-04. DOI: 10.33140/jeee.02.02.07 (https://doi.org/10.33140/jeee.02.02.07)
Citations: 0

Abstract

Detection and Mitigation of Malicious DDoS Floods in Software Defined Networks
The advent of software-defined networking (SDN) has significantly transformed network management by offering modular control and data plane characteristics, enabling adaptability and flexibility in managing networks. This innovation entails the separation of control and data plane elements to facilitate efficient network administration. Nevertheless, the centralization resulting from control plane separation renders SDN vulnerable to cyber threats, particularly distributed denial-of-service (DDoS) attacks that target SDN controllers. Recent studies have highlighted the relevance of entropy-based attack detection techniques compared to alternative methods. However, relying solely on entropy may overlook detection in specific variables, such as flow specification variations. To address the limitations of entropy-based detection systems, we developed a DDoS attack detection framework within the SDN control plane, integrating the packet flow initiation and specification properties with an entropy-based algorithm to ensure accurate attack detection measures. Our lightweight framework aims to mitigate DDoS attacks by detecting their impact in the early stages, thus preventing SDN controllers from being hijacked due to excessive packet flooding. The simulation is implemented in the Mininet network simulator, and the testbed is created by focusing on UDP flood attacks in widely used data-centric tree topologies. The experimental results demonstrate that our proposed solution effectively detects and mitigates novel parameters of SDN-based DDoS floods within 150 packets while maintaining minimal delay and high accuracy.
Source journal
Journal of Electrical and Electronics Engineering (Engineering: Electrical and Electronic Engineering)
CiteScore: 0.90
Self-citation rate: 0.00%
Articles published: 0
Review time: 16 weeks
About the journal: Journal of Electrical and Electronics Engineering is a scientific, interdisciplinary, application-oriented publication that offers researchers and PhD students the possibility to disseminate their novel and original scientific and research contributions in the field of electrical and electronics engineering. The articles are reviewed by professionals, and the selection of papers is based only on the quality of their content and on the following criteria: the papers present the research results of the authors; the papers or their content have not been submitted or published elsewhere; the paper must be written in English; and the papers should include in the reference list papers already published in recent years in the Journal of Electrical and Electronics Engineering that present similar research results. The topics and instructions for authors of this journal can be found in the appropriate sections.