International Science Index


10009068

An Earth Mover’s Distance Algorithm Based DDoS Detection Mechanism in SDN

Abstract:Software-defined networking (SDN) provides a solution for scalable network framework with decoupled control and data plane. However, this architecture also induces a particular distributed denial-of-service (DDoS) attack that can affect or even overwhelm the SDN network. DDoS attack detection problem has to date been mostly researched as entropy comparison problem. However, this problem lacks the utilization of SDN, and the results are not accurate. In this paper, we propose a DDoS attack detection method, which interprets DDoS detection as a signature matching problem and is formulated as Earth Mover’s Distance (EMD) model. Considering the feasibility and accuracy, we further propose to define the cost function of EMD to be a generalized Kullback-Leibler divergence. Simulation results show that our proposed method can detect DDoS attacks by comparing EMD values with the ones computed in the case without attacks. Moreover, our method can significantly increase the true positive rate of detection.
References:
[1] P. Zhang, H. Wang, C. Hu, and C. Lin, “On denial of service attacks in software defined networks,” IEEE Network, vol. 30, no. 6, pp. 28-33, 2016.
[2] S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in Computing, Networking and Communications (ICNC), 2015 International Conference on. IEEE, 2015, pp. 77-81.
[3] R. Kokila, S. T. Selvi, and K. Govindarajan, “DDos detection and analysis in SDN-based environment using support vector machine classifier,” in Advanced Computing (ICoAC), 2014 Sixth International Conference on. IEEE, 2014, pp. 205-210.
[4] K. Kumar, R. Joshi, and K. Singh, “A distributed approach using entropy to detect DDoS attacks in ISP domain,” in Signal Processing, Communications and Networking, 2007. ICSCN’07. International Conference on. IEEE, 2007, pp. 331-337.
[5] X. Ma and Y. Chen, “DDoS detection method based on chaos analysis of network traffic entropy,” IEEE Communications Letters, vol. 18, no. 1, pp. 114-117, 2014.
[6] Y. Xiang, K. Li, and W. Zhou, “Low-rate DDoS attacks detection and traceback by using new information metrics,” IEEE Transactions on Information Forensics and Security, vol. 6, no. 2, pp. 426-437, 2011.
[7] Q. Yan, F. R. Yu, Q. Gong, and J. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges,” IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 602-622, 2016.
[8] L. Barki, A. Shidling, N. Meti, D. Narayan, and M. M. Mulla,“Detection of distributed denial of service attacks in software defined networks,” in Advances in Computing, Communications and Informatics (ICACCI), 2016 International Conference on. IEEE, 2016, pp. 2576-2581.
[9] N.-N. Dao, J. Park, M. Park, and S. Cho, “A feasible method to combat against DDoS attack in SDN network,” in Information Networking (ICOIN), 2015 International Conference on. IEEE, 2015, pp. 309-311.
[10] X. Huang, X. Du, and B. Song, “An effective DDoS defense scheme for SDN,” in Communications (ICC), 2017 IEEE International Conference on. IEEE, 2017, pp. 1-6.
[11] Y. Rubner, C. Tomasi, and L. J. Guibas, “The earth mover’s distance as a metric for image retrieval,” International journal of computer vision, vol. 40, no. 2, pp. 99-121, 2000.
[12] D. Zhang and G. Lu, “Evaluation of similarity measurement for image retrieval,” in Neural Networks and Signal Processing, 2003. Proceedings of the 2003 International Conference on, vol. 2. IEEE, 2003, pp. 928-931.
[13] K. Benton, L. J. Camp, and C. Small, “OpenFlow vulnerability assessment,” in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 151-152.
[14] M. Team, “Mininet,” 2014.
[15] S. Floodlight, “OpenFlow controller,” Web: https://github.com/floodlight/floodlight.
[16] P. Biondi, “Scapy, a powerful interactive packet manipulation program,” 2010.
[17] Y Zhou, W Ni, K Zheng, R. P. Liu, and Y. Yang, “Scalable Node-Centric Route Mutation for Defense of Large-Scale Software-Defined Networks,” Security and Communication Networks, 2017.
[18] Y Zhou, K Zheng, W Ni, and R. P. Liu. “Elastic Switch Migration for Control Plane Load Balancing in SDN,” IEEE Access, 2018, DOI 10.1109/ACCESS.2018.2795576.