IEEE Access (Jan 2020)

Detecting DoS Attacks Based on Multi-Features in SDN

  • Meng Yue,
  • Huaiyuan Wang,
  • Liang Liu,
  • Zhijun Wu

DOI
https://doi.org/10.1109/ACCESS.2020.2999668
Journal volume & issue
Vol. 8
pp. 104688 – 104700

Abstract

Denial of Service (DoS) attacks are a serious threat to Software Defined Networks (SDN). Although many research efforts have been devoted to identifying new features for DoS attack detection, the existing approaches are not able to detect various types of DoS attacks. In SDN, DoS attacks against the data plane are mainly organized in two ways: 1) a DoS attack with multiple flow entries (M-DoS), which exhausts the Ternary Content-Addressable Memory (TCAM) resource of the switch; 2) a DoS attack with a single well-designed entry (S-DoS), which overwhelms the target link and further impacts the controller. To detect these two attacks, we propose a new approach that extracts six features of the flow table and uses a back propagation (BP) neural network to construct the classifier. Results of test-bed experiments indicate that the accurate detection probability of the proposed approach is 98.9%, and that it can effectively distinguish M-DoS flows and S-DoS flows without being affected by flash crowd scenes.

Keywords