Proposed statistical-based approach for detecting distribute denial of service against the controller of software defined network (SADDCS)

Mohammad A. AL-Adaileh; Mohammed Anbar; Yung-Wey Chong; Ahmed Al-Ani

doi:10.1051/matecconf/201821802012

All issues

Volume 218 (2018)

MATEC Web Conf., 218 (2018) 02012

Abstract

Open Access

Issue		MATEC Web Conf. Volume 218, 2018 The 1^st International Conference on Industrial, Electrical and Electronics (ICIEE 2018)


Article Number		02012
Number of page(s)		8
Section		Control Electronics, Circuits, and Systems
DOI		https://doi.org/10.1051/matecconf/201821802012
Published online		26 October 2018

MATEC Web of Conferences 218, 02012 (2018)

Proposed statistical-based approach for detecting distribute denial of service against the controller of software defined network (SADDCS)

Mohammad A. AL-Adaileh^*, Mohammed Anbar^*, Yung-Wey Chong¹ and Ahmed Al-Ani¹

¹ National Advanced IPv6 Centre, Universiti Sains Malaysia, 11800 Gelugor, Penang, Malaysia

^* Corresponding author: m_aladaileh2003@nav6.usm.my and anbar@nav6.usm.my

Abstract

Software-defined networkings (SDNs) have grown rapidly in recent years be-cause of SDNs are widely used in managing large area networks and securing networks from Distributed Denial of Services (DDoS) attacks. SDNs allow net-works to be monitored and managed through centralized controller. Therefore, SDN controllers are considered as the brain of networks and are considerably vulnerable to DDoS attacks. Thus, SDN controller suffer from several challenges that exhaust network resources. For SDN controller, the main target of DDoS attacks is to prevent legitimate users from using a network resource or receiving their services. Nevertheless, some approaches have been proposed to detect DDoS attacks through the examination of the traffic behavior of networks. How-ever, these approaches take too long to process all incoming packets, thereby leading to high bandwidth consumption and delays in the detection of DDoS at-tacks. In addition, most existing approaches for the detection of DDoS attacks suffer from high positive/negative false rates and low detection accuracy. This study proposes a new approach to detecting DDoS attacks. The approach is called the statistical-based approach for detecting DDoS against the controllers of software-defined networks. The proposed approach is designed to detect the presence of DDoS attacks accurately, reduce false positive/negative flow rates, and minimize the complexity of targeting SDN controllers according to a statistical analysis of packet features. The proposed approach passively captures net-work traffic, filters traffic, and selects the most significant features that contribute to DDoS attack detection. The general stages of the proposed approach are (i) da-ta preprocessing, (ii) statistical analysis, (iii) correlation identification between two vectors, and (iv) rule-based DDoS detection.

This is an Open Access article distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Current usage metrics show cumulative count of Article Views (full-text article views including HTML views, PDF and ePub downloads, according to the available data) and Abstracts Views on Vision4Press platform.

Data correspond to usage on the plateform after 2015. The current usage metrics is available 48-96 hours after online publication and is updated daily on week days.

Initial download of the metrics may take a while.