Title :
Lightweight DDoS flooding attack detection using NOX/OpenFlow
Author :
Braga, Rodrigo ; Mota, Edjard ; Passito, Alexandre
Author_Institution :
Dept. de Cienc. da Comput., Univ. Fed. do Amazonas, Brazil
Abstract :
Distributed denial-of-service (DDoS) attacks became one of the main Internet security problems over the last decade, threatening public web servers in particular. Although the DDoS mechanism is widely understood, its detection is a very hard task because of the similarities between normal traffic and useless packets, sent by compromised hosts to their victims. This work presents a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches. This is possible due to the use of the NOX platform which provides a programmatic interface to facilitate the handling of switch information. Other major contributions include the high rate of detection and very low rate of false alarms obtained by flow analysis using Self Organizing Maps.
Keywords :
Internet; computer network security; file servers; self-organising feature maps; telecommunication traffic; Internet security problem; NOX platform; OpenFlow; distributed denial-of-service flooding attack detection; flow analysis; programmatic interface; public Web server; self-organizing map; switch information handling; traffic flow feature; Computer crime; Feature extraction; IP networks; Neurons; Protocols; Switches; Artificial Neural Networks; Network Security; Programmable Networks;
Conference_Titel :
Local Computer Networks (LCN), 2010 IEEE 35th Conference on
Conference_Location :
Denver, CO
Print_ISBN :
978-1-4244-8387-7
DOI :
10.1109/LCN.2010.5735752
