An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics

Sahoo, KS; Puthal, D; Tiwary, M; Rodrigues, JJPC; Sahoo, B; Dash, R

An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics

Sahoo, KS Puthal, D

Tiwary, M Rodrigues, JJPC Sahoo, B Dash, R

Permalink

Publication Type:: Journal Article
Citation:: Future Generation Computer Systems, 2018, 89 pp. 685 - 697
Issue Date:: 2018-12-01

Closed Access

	Filename	Description	Size
	1-s2.0-S0167739X18309543-main.pdf	Published Version	2.25 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Sahoo, KS	en_US
dc.contributor.author	Puthal, D https://orcid.org/0000-0002-8332-278X	en_US
dc.contributor.author	Tiwary, M	en_US
dc.contributor.author	Rodrigues, JJPC	en_US
dc.contributor.author	Sahoo, B	en_US
dc.contributor.author	Dash, R	en_US
dc.date.issued	2018-12-01	en_US
dc.identifier.citation	Future Generation Computer Systems, 2018, 89 pp. 685 - 697	en_US
dc.identifier.issn	0167-739X	en_US
dc.identifier.uri	http://hdl.handle.net/10453/129737
dc.description.abstract	© 2018 The primary innovations behind Software Defined Networks (SDN) are the decoupling of the control plane from the data plane and centralizing the network management through a specialized application running on the controller. In spite of many advantages, SDN based data centers’ security issues is still a matter of concern among the research communities. Although SDN becomes a valuable tool to defeat attackers, at the same time SDN itself becomes a victim of Distributed Denial-of-Service (DDoS) attacks due to the potential vulnerabilities exist across various SDN layer. The logically centralized controller is always an attractive target for DDoS attack. Hence, it is important to have a fast as well as accurate detection model to detect the control layer attack traffic at an early stage. We have employed information distance (ID) as a metric to detect the attack traffic at the controller. The ID metric can quantify the deviations of network traffic with different probability distributions. In this paper, taking the advantages of flow based nature of SDN, we proposed a Generalized Entropy (GE) based metric to detect the low rate DDoS attack to the control layer. The experimental results show that our detection mechanism improves the detection accuracy as compared to Shannon entropy and other statistical information distance metrics.	en_US
dc.relation.ispartof	Future Generation Computer Systems	en_US
dc.relation.isbasedon	10.1016/j.future.2018.07.017	en_US
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject.classification	Distributed Computing	en_US
dc.title	An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics	en_US
dc.type	Journal Article
utslib.citation.volume	89	en_US
utslib.for	0805 Distributed Computing	en_US
utslib.for	0806 Information Systems	en_US
utslib.for	0803 Computer Software	en_US
pubs.embargo.period	Not known	en_US
pubs.organisational-group	/University of Technology Sydney
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	/University of Technology Sydney/Faculty of Engineering and Information Technology/School of Information, Systems and Modelling
utslib.copyright.status	closed_access	*
pubs.publication-status	Published	en_US
pubs.volume	89	en_US

Abstract:

© 2018 The primary innovations behind Software Defined Networks (SDN) are the decoupling of the control plane from the data plane and centralizing the network management through a specialized application running on the controller. In spite of many advantages, SDN based data centers’ security issues is still a matter of concern among the research communities. Although SDN becomes a valuable tool to defeat attackers, at the same time SDN itself becomes a victim of Distributed Denial-of-Service (DDoS) attacks due to the potential vulnerabilities exist across various SDN layer. The logically centralized controller is always an attractive target for DDoS attack. Hence, it is important to have a fast as well as accurate detection model to detect the control layer attack traffic at an early stage. We have employed information distance (ID) as a metric to detect the attack traffic at the controller. The ID metric can quantify the deviations of network traffic with different probability distributions. In this paper, taking the advantages of flow based nature of SDN, we proposed a Generalized Entropy (GE) based metric to detect the low rate DDoS attack to the control layer. The experimental results show that our detection mechanism improves the detection accuracy as compared to Shannon entropy and other statistical information distance metrics.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/129737