TY - GEN
T1 - A defense system for defeating DDoS attacks in SDN based networks
AU - Alshamrani, Adel
AU - Chowdhary, Ankur
AU - Pisharody, Sandeep
AU - Lu, Duo
AU - Huang, Dijiang
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/11/21
Y1 - 2017/11/21
N2 - Software-Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the decoupling of the network logic from the forwarding functions. The ease of programmability makes SDN a great platform for the implementation of various initiatives that involve application deployment, security solutions, and decentralized network management in a multi-tenant data center environment. Although this can introduce many applications in different areas and lead to a high impact on several aspects, the security of the SDN architecture remains an open question and needs to be revisited based on the new concept of SDN. Current SDN-based attack detection mechanisms have some limitations. In this paper, we investigate two of those limitations: Misbehavior Attack and NewFlow Attack. We propose a secure system that periodically collects network statistics from the forwarding elements and applies Machine Learning (ML) classification algorithms. Our framework ensures that the proposed solution makes the SDN architecture more self-adaptive and intelligent while reacting to network changes.
AB - Software-Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the decoupling of the network logic from the forwarding functions. The ease of programmability makes SDN a great platform for the implementation of various initiatives that involve application deployment, security solutions, and decentralized network management in a multi-tenant data center environment. Although this can introduce many applications in different areas and lead to a high impact on several aspects, the security of the SDN architecture remains an open question and needs to be revisited based on the new concept of SDN. Current SDN-based attack detection mechanisms have some limitations. In this paper, we investigate two of those limitations: Misbehavior Attack and NewFlow Attack. We propose a secure system that periodically collects network statistics from the forwarding elements and applies Machine Learning (ML) classification algorithms. Our framework ensures that the proposed solution makes the SDN architecture more self-adaptive and intelligent while reacting to network changes.
KW - DDoS mitigation
KW - Machine Learning
KW - Misbehavior Attack
KW - Software-Defined Networking
UR - http://www.scopus.com/inward/record.url?scp=85048001189&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85048001189&partnerID=8YFLogxK
U2 - 10.1145/3132062.3132074
DO - 10.1145/3132062.3132074
M3 - Conference contribution
AN - SCOPUS:85048001189
T3 - MobiWac 2017 - Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, Co-located with MSWiM 2017
SP - 83
EP - 92
BT - MobiWac 2017 - Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, Co-located with MSWiM 2017
PB - Association for Computing Machinery, Inc
T2 - 15th ACM International Symposium on Mobility Management and Wireless Access, MobiWac 2017
Y2 - 21 November 2017 through 25 November 2017
ER -