A Detection Method for DDoS Attack against SDN Controller
- DOI
- 10.2991/icmea-17.2018.67How to use a DOI?
- Keywords
- SDN; DDoS; entropy; SPRT
- Abstract
through the data plane and control plane isolation, SDN network architecture framework helps to simplify network configuration and management, improves the development efficiency, and the centralized logic controller to give more control over the entire network, the network has full visibility. These advantages of SDN also expose the network security vulnerabilities. Compared with the conventional network, the impact of the attack is more serious. A Distribute Denial of Service attack against controller is one of the serious security threats of SDN. Slow attack is more difficult to protect. The destruction of the controller may break whole SDN network. In order to mitigate this threat, this paper introduces a lightweight detection scheme based on entropy of the destination IP address and SPRT. We first calculate the entropy of the destination IP address in SDN, then make a decision by using SPRT (Sequential Probability Ratio Test). Our paper plays a very good protection against DDoS slow attack in SDN.
- Copyright
- © 2018, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - LinHai Meng PY - 2018/02 DA - 2018/02 TI - A Detection Method for DDoS Attack against SDN Controller BT - Proceedings of the 4th Annual International Conference on Material Engineering and Application (ICMEA 2017) PB - Atlantis Press SP - 292 EP - 296 SN - 2352-5401 UR - https://doi.org/10.2991/icmea-17.2018.67 DO - 10.2991/icmea-17.2018.67 ID - Meng2018/02 ER -