Early detection of DDoS attacks against SDN controllers

Bibliographic Details
Published in: 2015 International Conference on Computing, Networking and Communications (ICNC), pp. 77-81
Main Authors: Mousavi, Seyed Mohammad; St-Hilaire, Marc
Format: Conference Proceeding
Language: English
Published: IEEE 01.02.2015
Summary: A Software Defined Network (SDN) is a new network architecture that provides central control over the network. Although central control is the major advantage of SDN, it is also a single point of failure if it is made unreachable by a Distributed Denial of Service (DDoS) Attack. To mitigate this threat, this paper proposes to use the central control of SDN for attack detection and introduces a solution that is effective and lightweight in terms of the resources that it uses. More precisely, this paper shows how DDoS attacks can exhaust controller resources and provides a solution to detect such attacks based on the entropy variation of the destination IP address. This method is able to detect DDoS within the first five hundred packets of the attack traffic.
DOI: 10.1109/ICCNC.2015.7069319