Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In recent years, the DDoS (Distributed Denial of Service) attack continues to be one of the most dangerous threats even in the SDN (Software Defined Networking) environment. Many approaches have been proposed to deal with the DDoS attacks in the SDN environment. Among those approaches, the two-step detection, in which a trigger mechanism is added before the detection algorithm is called, is gaining more and more attention. In other words, it is the trigger, not the resource-consuming detection algorithm, that constantly monitors network traffic. Thus, the detection algorithm is only called when it is triggered. However, in the existing two-step methods, the trigger uses a static threshold to determine whether or not to start the detection process. In practice, it is difficult to determine an appropriate threshold, and the threshold has a decisive effect on the frequency of the detection process being called and ultimately, it impacts detection performance. In this paper, we propose a self-feedback dynamic thresholding system in which the threshold used in the trigger is dynamically adjusted based on the previous results of trigger and detection. Experimental results and our discussion show that our proposal significantly reduces the number of calls to the resource-consuming detection algorithm with no sacrifice of detection result.

Original languageEnglish
Title of host publicationProceedings of the 2021 15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021
EditorsSukhan Lee, Hyunseung Choo, Roslan Ismail
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9780738105086
DOIs
Publication statusPublished - Jan 4 2021
Event15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021 - Seoul, Korea, Republic of
Duration: Jan 4 2021Jan 6 2021

Publication series

NameProceedings of the 2021 15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021

Conference

Conference15th International Conference on Ubiquitous Information Management and Communication, IMCOM 2021
CountryKorea, Republic of
CitySeoul
Period1/4/211/6/21

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems
  • Information Systems and Management
  • Health Informatics

Fingerprint Dive into the research topics of 'Improving the Two-stage Detection of Cyberattacks in SDN Environment Using Dynamic Thresholding'. Together they form a unique fingerprint.

Cite this