An SDN-supported collaborative approach for DDoS flooding detection and containment
作者: Tommy Chin , Xenia Mountrouidou , Xiangyang Li , Kaiqi Xiong
DOI: 10.1109/MILCOM.2015.7357519
关键词: Flooding (computer networking) 、 Deep packet inspection 、 Denial-of-service attack 、 Scalability 、 SYN flood 、 Computer network 、 Software-defined networking 、 Network topology 、 Anomaly detection 、 Engineering
摘要: Software Defined Networking (SDN) has the potential to enable novel security applications that support flexible, on-demand deployment of system elements. It can offer targeted forensic evidence collection and investigation computer network attacks. Such unique capabilities are instrumental intrusion detection is challenged by large volumes data complex topologies. This paper presents an innovative approach coordinates distributed traffic Monitors attack Correlators supported Open Virtual Switches (OVS). The conduct anomaly perform deep packet inspection for signature recognition. These elements take advantage complementary views information availability on both control planes. Moreover, they collaboratively look flooding constituents possess different characteristics in level abstraction. Therefore, this able not only quickly raise alert against threats, but also follow it up with careful verification reduce false alarms. We experiment SDN-supported collaborative detect TCP SYN flood attacks Global Environment Network Innovations (GENI), a realistic virtual testbed. response times accuracy, context small medium corporate network, have demonstrated its effectiveness scalability.
sci-hub.se 参考文章(13)
Tommy Chin, Xenia Mountrouidou, Xiangyang Li, Kaiqi Xiong, Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN) 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops. pp. 95- 99 ,(2015) , 10.1109/ICDCSW.2015.27
Syed Akbar Mehdi, Junaid Khalid, Syed Ali Khayam, Revisiting Traffic Anomaly Detection Using Software Defined Networking Lecture Notes in Computer Science. pp. 161- 180 ,(2011) , 10.1007/978-3-642-23644-0_9
Adel Zaalouk, Rahamatullah Khondoker, Ronald Marx, Kpatcha Bayarou, OrchSec: An orchestrator-based architecture for enhancing network-security using Network Monitoring and SDN Control functions 2014 IEEE Network Operations and Management Symposium (NOMS). pp. 1- 9 ,(2014) , 10.1109/NOMS.2014.6838409
Mark Berman, Jeffrey S. Chase, Lawrence Landweber, Akihiro Nakao, Max Ott, Dipankar Raychaudhuri, Robert Ricci, Ivan Seskar, GENI: A federated testbed for innovative network experiments Computer Networks. ,vol. 61, pp. 5- 23 ,(2014) , 10.1016/J.BJP.2013.12.037
Jose Camacho, Gabriel Macia-Fernandez, Jesus Diaz-Verdejo, Pedro Garcia-Teodoro, Tackling the Big Data 4 vs for anomaly detection international conference on computer communications. pp. 500- 505 ,(2014) , 10.1109/INFCOMW.2014.6849282
K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, V. Maglaris, Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments Computer Networks. ,vol. 62, pp. 122- 136 ,(2014) , 10.1016/J.BJP.2013.10.014
Chun-Jen Chung, Pankaj Khatkar, Tianyi Xing, Jeongkeun Lee, Dijiang Huang, NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems IEEE Transactions on Dependable and Secure Computing. ,vol. 10, pp. 198- 211 ,(2013) , 10.1109/TDSC.2013.8
Elias Bou-Harb, Mourad Debbabi, Chadi Assi, Behavioral analytics for inferring large-scale orchestrated probing events international conference on computer communications. pp. 506- 511 ,(2014) , 10.1109/INFCOMW.2014.6849283
Neil C. Rowe, Joseph Barrus, A Distributed Autonomous-Agent Network-Intrusion Detection and Response System Monterey, California. Naval Postgraduate School. ,(1998)
Rodrigo Braga, Edjard Mota, Alexandre Passito, Lightweight DDoS flooding attack detection using NOX/OpenFlow local computer networks. pp. 408- 415 ,(2010) , 10.1109/LCN.2010.5735752