Published in: Wireless Personal Communications 1/2021

08.04.2021 | Manuscript

A Statistical Model for Early Detection of DDoS Attacks on Random Targets in SDN

Authors: Reza Bakhtiari Shohani, Seyedakbar Mostafavi, Vesal Hakami


Abstract

Software Defined Networks (SDNs) have accelerated and simplified management, configuration and error detection in today’s networking systems. However, SDN is prone to some new security threats, the most important of which is its vulnerability to a new generation of Distributed Denial of Service (DDoS) attack in which fake packets target random destinations instead of a single server. In this paper, we show that existing early detection methods, such as entropy-based and principal component analysis (PCA)-based methods, are not sufficiently capable of detecting this type of attack. Instead, we propose a novel network traffic anomaly detection framework for tackling DDoS in SDN. Our framework consists of four stages: first, we draw on extensive experiments on an SDN test-bed to analyze the behavior of normal and attack traffic. Second, a statistical trapezoid model is proposed to estimate the number of table misses in the controller. Third, we estimate the threshold of the table misses in regular time intervals using linear regression together with EWMA estimation. In the last stage, we use the derived model as a reference to detect DDoS attacks as anomalous deviations. The evaluation results demonstrate that, using this method, one can detect DDoS attacks against an SDN-based network in their early stages, with few false positives, and regardless of the specifics of the attack.
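The third and fourth stages can be illustrated with a short detector over per-interval table-miss counts. This is an added example, not the authors' code: it does not reproduce the paper's trapezoid model, and the way it combines a linear-regression forecast with an EWMA of the forecast error, along with `WINDOW`, `ALPHA`, `K` and the sample counts, are assumptions made for illustration.

```python
# Added illustration; WINDOW, ALPHA and K are assumed values, not the paper's.
WINDOW, ALPHA, K = 6, 0.3, 3.0

# Constructed sample: table misses (packet-in messages) seen by the controller
# per fixed interval; intervals 10-12 imitate a flood of never-seen flows.
SAMPLE = [40, 42, 41, 44, 43, 45, 46, 44, 47, 48, 160, 240, 310, 47]


def linear_forecast(ys):
    """Fit a least-squares line to (0..n-1, ys) and return its value at x = n."""
    n = len(ys)
    mx, my = (n - 1) / 2, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in range(n))
    sxy = sum((x - mx) * (y - my) for x, y in enumerate(ys))
    return my + (sxy / sxx) * (n - mx)


def detect(counts, window=WINDOW, alpha=ALPHA, k=K):
    """Return (interval, count, threshold) for every interval above threshold."""
    if len(counts) <= window or window < 2:
        raise ValueError("need more than `window` samples and window >= 2")
    history = list(counts[:window])
    # Seed the deviation estimate with the mean step between warm-up samples.
    steps = [abs(b - a) for a, b in zip(history, history[1:])]
    dev = max(sum(steps) / len(steps), 1.0)
    alerts = []
    for i in range(window, len(counts)):
        predicted = linear_forecast(history[-window:])
        threshold = predicted + k * dev
        if counts[i] > threshold:
            # Anomalous interval: report it and keep it out of the baseline,
            # so a sustained attack cannot drag the threshold upward.
            alerts.append((i, counts[i], round(threshold, 1)))
            continue
        # Normal interval: update the EWMA of the forecast error and the history.
        dev = max(alpha * abs(counts[i] - predicted) + (1 - alpha) * dev, 1.0)
        history.append(counts[i])
    return alerts


if __name__ == "__main__":
    for interval, count, threshold in detect(SAMPLE):
        print(f"interval {interval}: {count} table misses > threshold {threshold}")
```

Because alerting intervals are excluded from the baseline, a legitimate lasting rise in table misses keeps alerting until the detector is re-seeded with fresh warm-up samples.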

Metadata
Title
A Statistical Model for Early Detection of DDoS Attacks on Random Targets in SDN
Authors
Reza Bakhtiari Shohani
Seyedakbar Mostafavi
Vesal Hakami
Publication date
08.04.2021
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 1/2021
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-021-08465-5