Detecting distributed cyber attacks in SDN based on automatic thresholding

Ryousuke Komiya, Yaokai Feng, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Distributed Cyber Attack launched from many hosts simultaneously has become one of the most sophisticated and the most dangerous attacks in the cyber world including the traditional Internet and the SDN (Software Defined Networking) environments. As a kind of centralized network environment, the SDN has been greatly developed and popularized in recent years, especially in cloud systems. Thus, how to efficiently detect distributed attacks in SDN environments has attracted great attentions in academia and industry and various researches have been done to counter such attacks. The latest related researches made attempts to exploit the information of the PacketIn packets collected in the SDN controller and those methods proved efficient for detecting distributed cyber attacks in SDN environments. However, such methods adopted a threshold for distinguishing between attacks and normal situations. The threshold must be properly determined manually in advance, which is not easy in many applications even for experts. In this study, we try to automatically extract a proper threshold from the historical data of the monitored SDN environment so that the difficult parameter-tuning (determination of the threshold) process can be removed. In addition, because the extracted threshold can well reflect the actual situations of the monitored environment, a better detection performance than the existing approaches can be expected. The detection performance of our proposal is also tested using real traffic data.

Original languageEnglish
Title of host publicationProceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages417-423
Number of pages7
ISBN (Electronic)9781538691847
DOIs
Publication statusPublished - Dec 26 2018
Event6th International Symposium on Computing and Networking Workshops, CANDARW 2018 - Takayama, Japan
Duration: Nov 27 2018Nov 30 2018

Publication series

NameProceedings - 2018 6th International Symposium on Computing and Networking Workshops, CANDARW 2018

Conference

Conference6th International Symposium on Computing and Networking Workshops, CANDARW 2018
CountryJapan
CityTakayama
Period11/27/1811/30/18

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Hardware and Architecture
  • Statistics, Probability and Uncertainty
  • Computer Science Applications

Fingerprint Dive into the research topics of 'Detecting distributed cyber attacks in SDN based on automatic thresholding'. Together they form a unique fingerprint.

Cite this