IEEE Access (Jan 2020)
Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network
Abstract
Because the Software Defined Network (SDN) adopts centralized control logic, it is vulnerable to various types of Distributed Denial of Service (DDoS) attacks. At present, almost all research work focuses on high-rate DDoS attacks against the SDN control layer. Moreover, most existing detection methods are effective for detecting high-rate DDoS attacks on the control layer, while a low-rate DDoS attack against the SDN data layer is highly concealed, and the detection accuracy against this kind of attack is low. To improve the detection accuracy of low-rate DDoS attacks against the SDN data layer, this paper studies the mechanism of such attacks and then proposes a multi-feature DDoS attack detection method based on the Factorization Machine (FM). Features extracted from the flow rules are used to detect low-rate DDoS attacks, and detection of low-rate DDoS attacks based on the FM machine learning algorithm is implemented. The experimental results show that the method can effectively detect low-rate DDoS attacks against the SDN data layer, and the detection accuracy reaches 95.80 percent. Because the FM algorithm can achieve fine-grained detection of low-rate DDoS attacks, it provides a reliable basis for defending against such attacks. Finally, this paper proposes a defense method based on dynamic deletion of flow rules and carries out experimental simulation and analysis to prove the effectiveness of the defense method; the success rate of forwarding normal packets reached 97.85 percent.
Keywords