TY - GEN
T1 - DDoS Attacks and Flash Event Detection Based on Flow Characteristics in SDN
AU - Sun, Guozi
AU - Jiang, Wenti
AU - Gu, Yu
AU - Ren, Danni
AU - Li, Huakang
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
AB - With the development of Software-Defined Networking (SDN), its security has been increasingly emphasized. Due to the centralized management and programmability of SDN, an attacker can easily exploit its security vulnerabilities to carry out distributed denial-of-service (DDoS) attacks. Targeting the -entropy improved on the basis of Shannon entropy and generalized entropy, we present a multi-type DDoS detection and Flash Event method based on flow characteristics. To conduct DDoS attack detection while detecting and distinguishing DDoS and Flash Events (FE) correctly, samples are classified via the multi-dimensional features of the flow table in the switch, such as protocol type, the duration of flow and the -entropy of source / destination IP. Among them, the adjustability of the -entropy is more conducive to discovering attack behavior in the early stage. Experiments show that this method can effectively improve the detection rate of DDoS and reduce the false alarm rate of Flash Events, which verifies the accuracy and effectiveness of the experiments.
UR - http://www.scopus.com/inward/record.url?scp=85063278776&partnerID=8YFLogxK
U2 - 10.1109/AVSS.2018.8639103
DO - 10.1109/AVSS.2018.8639103
M3 - Conference Proceeding
AN - SCOPUS:85063278776
T3 - Proceedings of AVSS 2018 - 2018 15th IEEE International Conference on Advanced Video and Signal-Based Surveillance
BT - Proceedings of AVSS 2018 - 2018 15th IEEE International Conference on Advanced Video and Signal-Based Surveillance
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 15th IEEE International Conference on Advanced Video and Signal-Based Surveillance, AVSS 2018
Y2 - 27 November 2018 through 30 November 2018
ER -