An effective DDoS defense scheme for SDN

In this paper, we propose a scheme to protect the Software Defined Network(SDN) controller from Distributed Denial-of-Service(DDoS) attacks. We first predict the amount of new requests for each openflow switch periodically based on Taylor series, and the requests will then be directed to the securit...

Full description

Saved in:
Bibliographic Details
Published in2017 IEEE International Conference on Communications (ICC) pp. 1 - 6
Main Authors Xueli Huang, Xiaojiang Du, Bin Song
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.05.2017
Subjects
Computer crime
Entropy
IP networks
Logic gates
Switches
Online AccessGet full text

Cover

More Information
Summary:In this paper, we propose a scheme to protect the Software Defined Network(SDN) controller from Distributed Denial-of-Service(DDoS) attacks. We first predict the amount of new requests for each openflow switch periodically based on Taylor series, and the requests will then be directed to the security gateway if the prediction value is beyond the threshold. The requests that caused the dramatic decrease of entropy will be filtered out and rules will be made in security gateway by our algorithm; the rules of these requests will be sent to the controller. The controller will send the rules to each switch to make them direct the flows matching with the rules to the honey pot. The simulation shows the averages of both false positive and false negative are less than 2%.
ISSN:1938-1883
DOI:10.1109/ICC.2017.7997187