Yayınlanmış 1 Ocak 2024 | Sürüm v1
Dergi makalesi Açık

A novel Distributed Denial of Service attack defense scheme for Software-Defined Networking using Packet-In message and domain

  • 1. Ericsson Res, Istanbul, Turkiye
  • 2. Ericsson, Stockholm, Sweden

Açıklama

Software-Defined Networking (SDN) enhances network management by improving adaptability, flexibility, and scalability. However, its centralized controller is vulnerable to Distributed Denial of Service (DDoS) attacks that can disrupt network availability. This study introduces a novel real-time DDoS detection scheme integrated into the SDN controller. The scheme uses a twostep process to analyze Packet-In messages in both time and frequency domains. A time-series is generated by sampling the number of Packet-In messages at specific time intervals, which is compared against a predefined threshold. If exceeded, frequency domain analysis is applied to extract features, which are then used by Machine Learning (ML) algorithms to identify DDoS attacks. The scheme achieves 99.85% accuracy in distinguishing normal traffic from attack traffic, demonstrating its effectiveness in safeguarding SDN environments from DDoS threats.

Dosyalar

bib-cb191d35-8929-4062-86a8-a3ba0c48ccb7.txt

Dosyalar (242 Bytes)

Ad Boyut Hepisini indir
md5:341e68da6de357edddcca10379ceadc4
242 Bytes Ön İzleme İndir