DDoS Attacks and Flash Event Detection Based on Flow Characteristics in SDN

Guozi Sun, Wenti Jiang, Yu Gu, Danni Ren, Huakang Li

Research output: Chapter in Book or Report/Conference proceedingConference Proceedingpeer-review

16 Citations (Scopus)

Abstract

With the development of Software-Defined Networking (SDN), its security has been increasingly emphasized. Due to the centralized management and programmability of SD-N, an attacker can easily exploit its security vulnerabilities to carry out distributed denial-of-service (DDoS) attacks. Targeting at the -entropy improved on basis of Shan-non entropy and generalized entropy, we presents a multi-type DDoS detection and Flash Event method based on flow characteristics. To conduct the DDoS attack detection while detecting and distinguishing DDoS and Flash Events (FE) correctly, samples are classified via the multi-dimension features of the flow table in the switch, such as protocol type, the duration of flow and the -entropy of source / destination IP, Among them, the adjustable of -entropy is more conducive to discovering the attack behavior in the early stage. Experiments show that this method can effectively improve the detection rate of DDoS and reduce the false alarm rate of Flash Events, which verifies the accuracy and effectiveness of the experiments.

Original languageEnglish
Title of host publicationProceedings of AVSS 2018 - 2018 15th IEEE International Conference on Advanced Video and Signal-Based Surveillance
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538692943
DOIs
Publication statusPublished - 2 Jul 2018
Externally publishedYes
Event15th IEEE International Conference on Advanced Video and Signal-Based Surveillance, AVSS 2018 - Auckland, New Zealand
Duration: 27 Nov 201830 Nov 2018

Publication series

NameProceedings of AVSS 2018 - 2018 15th IEEE International Conference on Advanced Video and Signal-Based Surveillance

Conference

Conference15th IEEE International Conference on Advanced Video and Signal-Based Surveillance, AVSS 2018
Country/TerritoryNew Zealand
CityAuckland
Period27/11/1830/11/18

Cite this