DocumentCode
2784737
Title
Lightweight DDoS flooding attack detection using NOX/OpenFlow
Author
Braga, Rodrigo ; Mota, Edjard ; Passito, Alexandre
Author_Institution
Dept. de Cienc. da Comput., Univ. Fed. do Amazonas, Brazil
fYear
2010
fDate
10-14 Oct. 2010
Firstpage
408
Lastpage
415
Abstract
Distributed denial-of-service (DDoS) attacks became one of the main Internet security problems over the last decade, threatening public web servers in particular. Although the DDoS mechanism is widely understood, its detection is a very hard task because of the similarities between normal traffic and useless packets, sent by compromised hosts to their victims. This work presents a lightweight method for DDoS attack detection based on traffic flow features, in which the extraction of such information is made with a very low overhead compared to traditional approaches. This is possible due to the use of the NOX platform which provides a programmatic interface to facilitate the handling of switch information. Other major contributions include the high rate of detection and very low rate of false alarms obtained by flow analysis using Self Organizing Maps.
Keywords
Internet; computer network security; file servers; self-organising feature maps; telecommunication traffic; Internet security problem; NOX platform; OpenFlow; distributed denial-of-service flooding attack detection; flow analysis; programmatic interface; public Web server; self-organizing map; switch information handling; traffic flow feature; Computer crime; Feature extraction; IP networks; Neurons; Protocols; Switches; Artificial Neural Networks; Network Security; Programmable Networks;
fLanguage
English
Publisher
IEEE
Conference_Titel
Local Computer Networks (LCN), 2010 IEEE 35th Conference on
Conference_Location
Denver, CO
ISSN
0742-1303
Print_ISBN
978-1-4244-8387-7
Type
conf
DOI
10.1109/LCN.2010.5735752
Filename
5735752