TY - GEN
T1 - DDoS attack identification and defense using SDN based on machine learning method
AU - Yang, Lingfeng
AU - Zhao, Hui
N1 - Publisher Copyright: © 2018 IEEE.
PY - 2018/7/2
Y1 - 2018/7/2
N2 - SDN (Software Defined Network) has attracted great interest as a new paradigm in networking. Thus, the security of SDN is important. Distributed Denial of Service (DDoS) attacks have been the plague of the Internet. Now, they are a threat in some scenarios where SDN is applied, such as the campus network. In order to alleviate DDoS attacks in the campus network, we propose an SDN framework to identify and defend against DDoS attacks based on machine learning. This framework consists of 3 parts: a traffic collection module, a DDoS attack identification module and a flow table delivery module. The traffic collection module extracts traffic characteristics to prepare for traffic identification. Utilizing the flexible and multi-dimensional features of the SDN network architecture in deploying a DDoS attack detection system, the controller extracts the network traffic characteristics through statistical flow table information and uses the support vector machines (SVM) method to identify the attack traffic. Then the flow table delivery module dynamically adjusts the forwarding policy to resist DDoS attacks according to the traffic identification result. The experiment is conducted using the KDD99 dataset. The experiment results show the effectiveness of the DDoS attack identification method.
KW - Distributed Denial of Service (DDoS)
KW - Machine Learning (ML)
KW - Security
KW - Software Defined Network (SDN)
KW - Support Vector Machines (SVM)
UR - https://www.scopus.com/pages/publications/85063694474
U2 - 10.1109/I-SPAN.2018.00036
DO - 10.1109/I-SPAN.2018.00036
M3 - Conference contribution
AN - SCOPUS:85063694474
T3 - Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018
SP - 174
EP - 178
BT - Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018
Y2 - 16 October 2018 through 18 October 2018
ER -