Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.

Original languageEnglish
Title of host publicationProceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages522-528
Number of pages7
Volume2018-January
ISBN (Electronic)9781538620878
DOIs
Publication statusPublished - Apr 23 2018
Event5th International Symposium on Computing and Networking, CANDAR 2017 - Aomori, Japan
Duration: Nov 19 2017Nov 22 2017

Other

Other5th International Symposium on Computing and Networking, CANDAR 2017
CountryJapan
CityAomori
Period11/19/1711/22/17

Fingerprint

Computer networks
Controllers
Processing
Switches
Communication
Network protocols
Denial-of-service attack

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture

Cite this

You, X., Feng, Y., & Sakurai, K. (2018). Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow. In Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017 (Vol. 2018-January, pp. 522-528). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2017.93

Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow. / You, Xiang; Feng, Yaokai; Sakurai, Kouichi.

Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017. Vol. 2018-January Institute of Electrical and Electronics Engineers Inc., 2018. p. 522-528.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

You, X, Feng, Y & Sakurai, K 2018, Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow. in Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017. vol. 2018-January, Institute of Electrical and Electronics Engineers Inc., pp. 522-528, 5th International Symposium on Computing and Networking, CANDAR 2017, Aomori, Japan, 11/19/17. https://doi.org/10.1109/CANDAR.2017.93
You X, Feng Y, Sakurai K. Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow. In Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017. Vol. 2018-January. Institute of Electrical and Electronics Engineers Inc. 2018. p. 522-528 https://doi.org/10.1109/CANDAR.2017.93
You, Xiang ; Feng, Yaokai ; Sakurai, Kouichi. / Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow. Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017. Vol. 2018-January Institute of Electrical and Electronics Engineers Inc., 2018. pp. 522-528
@inproceedings{ab741be6627240ea8c68218c3419aaec,
title = "Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow",
abstract = "Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.",
author = "Xiang You and Yaokai Feng and Kouichi Sakurai",
year = "2018",
month = "4",
day = "23",
doi = "10.1109/CANDAR.2017.93",
language = "English",
volume = "2018-January",
pages = "522--528",
booktitle = "Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}

TY - GEN

T1 - Packet in Message Based DDoS Attack Detection in SDN Network Using OpenFlow

AU - You, Xiang

AU - Feng, Yaokai

AU - Sakurai, Kouichi

PY - 2018/4/23

Y1 - 2018/4/23

N2 - Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.

AB - Using the OpenFlow protocol, the virtual network technology SDN (Software Defined Network) is now widely used. In recent years, the number of DDoS attacks has been increasing year by year. To detect DDoS attacks in SDN, data recorded in the flow table in OpenFlow switch is analyzed and various detection methods are submitted. However, SDN centrally manages communication within the network, when detecting DDoS (Distributed Denial of Service) attacks. This creates a heavy processing load, and the processing load of the OpenFlow controller must be considered. In this paper, in order to reduce the processing load of the controller, we do not collect data of the flow table, extract three features from the Packet In message for communication between the controller and the switch, and perform real-time attack detection. Furthermore, to avoid stringent detection time intervals, triggers will be added before detection to realize light and dynamic DDoS attacks detection.

UR - http://www.scopus.com/inward/record.url?scp=85050362132&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85050362132&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2017.93

DO - 10.1109/CANDAR.2017.93

M3 - Conference contribution

AN - SCOPUS:85050362132

VL - 2018-January

SP - 522

EP - 528

BT - Proceedings - 2017 5th International Symposium on Computing and Networking, CANDAR 2017

PB - Institute of Electrical and Electronics Engineers Inc.

ER -