Jisuanji kexue yu tansuo (Apr 2020)

Detection and Defense Mechanism of LDoS Attack in SDN Environment

  • YAN Tong, BAI Zhihua, GAO Zhen, YAN Lina, ZHOU Lei

DOI
https://doi.org/10.3778/j.issn.1673-9418.1905043

Abstract

The low-rate denial of service (LDoS) attack is a new type of network attack, characterized by low attack cost and strong concealment. As a new type of network architecture, the software defined network (SDN) is also threatened by LDoS attacks. The separation of control and forwarding in SDN, together with programmable network behavior, provides new ideas for the detection and defense of LDoS attacks. This paper proposes a new LDoS attack detection and defense method based on the OpenFlow protocol. The rate of each OpenFlow data stream is counted separately, and the double-sliding-window method from signal detection is used to detect the attack traffic. Once the attack traffic is detected, the controller can implement real-time defense against the attack behavior by sending a flow table. Experiments show that this method can effectively detect LDoS attacks and can defend against them in a short time.
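The per-flow rate counting and double-sliding-window detection described in the abstract can be sketched as follows; this is an added example, not the paper's code. It uses the standard signal-detection form (energy ratio of two adjacent windows), and the window length, threshold, minimum burst count, flow names and sample rates are all assumptions or constructed values.

```python
# Added illustration, not the paper's implementation. Window length, threshold,
# burst count and all sample rates below are assumptions / constructed values.

def dsw_ratio(rates, w, eps=1.0):
    """Yield (n, m) where m = energy of leading window / energy of trailing window."""
    for n in range(w, len(rates) - w + 1):
        trailing = sum(r * r for r in rates[n - w:n])   # older samples
        leading = sum(r * r for r in rates[n:n + w])    # newer samples
        yield n, (leading + eps) / (trailing + eps)

def burst_onsets(rates, w=2, threshold=20.0):
    """Indices where the ratio first crosses the threshold (one per rising edge)."""
    onsets, above = [], False
    for n, m in dsw_ratio(rates, w):
        if m >= threshold and not above:
            onsets.append(n)
        above = m >= threshold
    return onsets

def suspicious_flows(flow_rates, w=2, threshold=20.0, min_bursts=3):
    """Flag flows with repeated sharp rate jumps, the pulse pattern of LDoS traffic."""
    flagged = {}
    for flow_id, rates in flow_rates.items():
        onsets = burst_onsets(rates, w, threshold)
        if len(onsets) >= min_bursts:
            flagged[flow_id] = onsets
    return flagged

# Constructed per-flow byte rates (KB per sampling interval), as a controller
# might derive from successive OpenFlow flow-statistics counters.
SAMPLE_FLOWS = {
    "flow-steady": [100, 110, 95, 105, 120, 100, 90, 115, 105, 100] * 4,
    "flow-bulk": [10] * 10 + [800] * 30,          # one ramp-up, then sustained
    "flow-ldos": ([10] * 8 + [1000] * 2) * 4,     # short periodic pulses
}

if __name__ == "__main__":
    for flow_id, onsets in suspicious_flows(SAMPLE_FLOWS).items():
        print(f"{flow_id}: burst onsets at samples {onsets}")
```

Requiring several onsets keeps a single legitimate ramp-up (the `flow-bulk` sample) from being flagged; a flagged flow is the point at which the controller would send its defensive flow table entry.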

Keywords