A Detection Method for a Novel DDoS Attack against SDN Controllers by Vast New Low-Traffic Flows

作者:Dong Ping*; Du Xiaojiang; Zhang Hongke; Xu Tong
来源:IEEE International Conference on Communications (ICC), 2016-05-22 to 2016-05-27.

摘要

A Distributed Denial of Service (DDoS) attack against controllers is one of the key security threats of Software-Defined Networking (SDN). The breakdown of a controller may disrupt a whole SDN network. Nowadays, a novel DDoS means is that the attackers may generate vast new low-traffic flows to trigger malicious flooding requests to overload the controllers. It is difficult to prevent this attack, as the attackers may connect to any interface of any switch in an SDN network. In this paper, we propose an effective detection method, which is designed to detect the DDoS attack and to further locate the compromised interfaces the malicious attackers have connected. We first classify the flow events associated with an interface, then make a decision using Sequential Probability Ratio Test (SPRT), which has bounded false negative and false positive error rates. In addition, we evaluate the performance of the proposed method using DARPA Intrusion Detection Data Sets. We also discuss and compare our method to three other detection methods, which are based on the percentage, count, and entropy of the flows, respectively, and demonstrate the superiority of our method in terms of promptness, versatility and accuracy.