A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Wentao Wang; Xuan Ke; Lingxia Wang

doi:10.3390/fi10090083

Future Internet (Aug 2018)

A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

Wentao Wang,
Xuan Ke,
Lingxia Wang

Affiliations

Wentao Wang: College of Computer Science, South-Central University for Nationalities, Wuhan 430074, China
Xuan Ke: College of Computer Science, South-Central University for Nationalities, Wuhan 430074, China
Lingxia Wang: College of Computer Science, South-Central University for Nationalities, Wuhan 430074, China

DOI: https://doi.org/10.3390/fi10090083
Journal volume & issue: Vol. 10, no. 9
p. 83

Abstract

Read online

A data center network is vulnerable to suffer from concealed low-rate distributed denial of service (L-DDoS) attacks because its data flow has the characteristics of data flow delay, diversity, and synchronization. Several studies have proposed addressing the detection of L-DDoS attacks, most of them are only detect L-DDoS attacks at a fixed rate. These methods cause low true positive and high false positive in detecting multi-rate L-DDoS attacks. Software defined network (SDN) is a new network architecture that can centrally control the network. We use an SDN controller to collect and analyze data packets entering the data center network and calculate the Renyi entropies base on IP of data packets, and then combine them with the hidden Markov model to get a probability model HMM-R to detect L-DDoS attacks at different rates. Compared with the four common attack detection algorithms (KNN, SVM, SOM, BP), HMM-R is superior to them in terms of the true positive rate, the false positive rate, and the adaptivity.

Published in Future Internet

ISSN: 1999-5903 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: http://www.mdpi.com/journal/futureinternet/

About the journal

Abstract

Keywords