Browse > Article
http://dx.doi.org/10.17661/jkiiect.2020.13.1.81

A Study on the Detection Technique of DDoS Attacks on the Software-Defined Networks  

Kim, SoonGohn (School of Software Engineering, Joongbu University)
Publication Information
The Journal of Korea Institute of Information, Electronics, and Communication Technology / v.13, no.1, 2020 , pp. 81-87 More about this Journal
Abstract
Recently, the network configuration is being rapidly changed to enable easy and free network service configuration based on SDN/NFV. Despite the many advantages and applications of SDN, many security issues such as Distributed Denial of Service (DDoS) attacks are being constantly raised as research issues. In particular, the effectiveness of DDoS attacks is much faster, SDN is causing more and more fatal damage. In this paper, we propose an entropy-based technique to detect and mitigate DDoS attacks in SDN, and prove it through experiments. The proposed scheme is designed to mitigate these attacks by detecting DDoS attacks on single and multiple victim systems and using time - specific techniques. We confirmed the effectiveness of the proposed scheme to reduce packet loss rate by 20(19.86)% while generating 3.21% network congestion.
Keywords
Software-Defined Networks; Network Security; DDoS; Entropy; Computer Network;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Akhunzada A., Ahmed E., Gani A., Khan M. K., Imran M., and Guizani, S., "Securing software defined networks: taxonomy, requirements, and open issues", IEEE Communications Magazine, Vol. 53, No. 4, pp. 36-44, 2015.   DOI
2 Scott-Hayward S., Natarajan S., and Sezer S., "A survey of security in software defined networks", IEEE Communications Surveys & Tutorials, Vol. 18, No. 1, pp. 623-654, 2016.   DOI
3 Scott-Hayward S., O'Callaghan G., and Sezer, S, "SDN security: A survey. In Future Networks and Services (SDN4FNS)", 2013 IEEE SDN, pp. 1-7, 2013.
4 Wang R., Jia Z., and Ju, L., "An Entropy-Based Distributed DDoS Detection Mechanism in SDN", In Trustcom/BigDataSE/ISPA, 2015 IEEE, Vol. 1, pp. 310-317, 2015.
5 Mousavi S.M. and St-Hilaire M., "Early detection of DDoS attacks against SDN controllers", In Computing Networking and Communications (ICNC) International Conference, pp. 77-81, 2015.
6 Muhammad Nugraha, Isyana Paramita, Ardiansyah Musa, Deokjai Choi, Buseung Cho, "Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack," Journal of Korea Multimedia Society, Vol. 17, No. 8, pp.988-994, Aug. 2014.   DOI
7 Dharma N. G., Muthohar M. F., Prayuda J. A., Priagung K., Choi, D., "Time-based DDoS detection and mitigation for SDN controller,". In Network Operations and Management Symposium (APNOMS 2015), pp. 550-553, Aug. 2015.
8 sFlow Version 5. [Online]. http://sflow.org/sflowversion5.txt, May 2017.
9 Mininet, http://mininet.org/, 2018, May.
10 Openflow, https://openflow.stanford.edu/display/Beacon/Home, 2018. May
11 Scapy. http://www.secdev.org/projects/scapy/, 2018, May.