SlideShare uma empresa Scribd logo
1 de 1
Time-based DDoS Detection and Mitigation for SDN Controller
I Gde Dharma N., M. Fiqri Muthohar, Alvin Prayuda J. D., Priagung K., Deokjai Choi
School of Electronics and Computer Engineering
Chonnam National University
Gwangju, South Korea
gdebig@gmail.com, fiqri.muthohar@gmail.com, alvinprayuda@gmail.com, priagung.123@gmail.com, dchoi@jnu.ac.kr
Introduction DDoS Attack Scenario
• Software Defined Network (SDN) is a new paradigm network
management that decouples control plane and data plan.
• The control plane is usually called as the controller. Controller in SDN
dictates the overall network behavior. Data plane is the network
devices that act as simple packet forwarder.
• From the security point of view, SDN introduces a new single point of
failure. Since the controller is the main brain in the network, the
performance of the network depends on it. If the controller is down
or unreachable, the overall networks will collapse.
• One of the attack methods that can be used to attack SDN controller
is DDoS attack. DDoS attack also has many methods to overwhelm
the resource of Controller.
• DDoS attack sends a large number of packets in a certain time. The
malicious packets that used for DDoS attack have the same
destination and port addresses.
• This packet also has a typical size that different with the legitimate
packet. This characteristic has been studied in many papers to
propose the detection and mitigation methods for DDoS attack.
• However, the time duration of DDoS attack is rarely used.
Research Objective
• First, learns the potential vulnerabilities of SDN Controller operation
that can be exploited for DDoS attack.
• Explore the time characteristic of DDoS attack for SDN Controller.
• Develop the method for DDoS attack detection and mitigation for
SDN Controller.
SDN Operation and DDoS Attack
• SDN Controller basic operation is shown in the figure 1.
• OpenFlow Protocol is widely used in current SDN. OpenFlow is
responsible for the communication between OpenFlow Controller
and OpenFlow Switch through the secure channel.
• DDoS Attack exploit the size limitation of flow tables in SDN
Controller.
• This attack needs time to achieve high rate malicious packet. DDoS
attacker also sometimes uses a periodic attack that held in certain
time. This time characteristic of DDoS attack can be used to in
detection method to increase the detection time before the DDoS
attack achieve its goal.
• Figure 2 shows the scenario of DDoS Attack that used in this
research.
Proposed DDoS Detect Method
• The objective of the method is to detect and mitigate DDoS attack on
SDN Controller.
• This method not only considers the destination address for detection
but also the time needed to achieve high rate traffic and time attack
pattern of DDoS attack.
• Time duration is used to detect the DDoS attack and time attack
pattern is used to prevent DDoS attack in the future.
• Assume 𝑃𝑛𝑣 is the number of non-valid packet that coming to flow
control, t is time window, R is the volume of non-valid packet per
time window, our method can be formulized as follow:
𝑅 = lim
∆𝑡→0
∆𝑃𝑛𝑣
∆𝑡
• The architecture of the proposed solution can be seen in figure 3.
Evaluation Design
• To evaluate our proposed method, we will investigate system
resource usage (CPU, the number of flow entries) in SDN Controller
and OpenFlow Switch.
• To measure the detection performance, we use Detection Rate
measurement (DR) and False Alarm rate (FA)
Conclusion and Future Work
This paper reports our ongoing effort on developing detection and
mitigation method of DDoS attack on SDN controller. We have described
the basic operation of SDN controller. We also have analyzed the
potential vulnerabilities in SDN controller that can be exploited for DDoS
attack. This method not only consider the malicious packet to detect
DDoS attack, also consider time characteristic of DDoS attack. We also
investigate the pattern of time DDoS attack for preventing DDoS attack in
the future. In this paper, we have described our experiment scenario and
also how to evaluate the performance of our method.
For future work, we will investigate the better threshold for DDoS attack
detection. We also will study deeper to cluster time pattern of DDoS
attack. The goal is to find the best algorithm for clusters the DDoS attack
time. Then, we will evaluate our proposed method in a simulation
environment to find out the performance of our method based on our
experimental plan.

Mais conteúdo relacionado

Mais procurados

Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
 Distributed denial-of-service (DDoS) attack ||  Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack ||  Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...Suhail Khan
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attackschris zlatis
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation TechniquesIntruGuard
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptxOzkan E
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...ShortestPathFirst
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackKaustubh Padwad
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningeSAT Publishing House
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionAPNIC
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service laxmi chandolia
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
Rise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicRise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicState of the Internet
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...APNIC
 

Mais procurados (20)

Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
 Distributed denial-of-service (DDoS) attack ||  Seminar Report @ gestyy.com/... Distributed denial-of-service (DDoS) attack ||  Seminar Report @ gestyy.com/...
Distributed denial-of-service (DDoS) attack || Seminar Report @ gestyy.com/...
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attacks
 
1766 1770
1766 17701766 1770
1766 1770
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques10 DDoS Mitigation Techniques
10 DDoS Mitigation Techniques
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
 
Ddos and mitigation methods.pptx
Ddos and mitigation methods.pptxDdos and mitigation methods.pptx
Ddos and mitigation methods.pptx
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
Ddos- distributed denial of service
Ddos- distributed denial of service Ddos- distributed denial of service
Ddos- distributed denial of service
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
 
Rise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicRise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - Infographic
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
 

Semelhante a Time-based DDoS Detection and Mitigation for SDN Controller

cybersecuritydosattackUsingNS2[111].pptx
cybersecuritydosattackUsingNS2[111].pptxcybersecuritydosattackUsingNS2[111].pptx
cybersecuritydosattackUsingNS2[111].pptxharisbs369
 
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...IJCNCJournal
 
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...IJCNCJournal
 
An intelligent system to detect slow denial of service attacks in software-de...
An intelligent system to detect slow denial of service attacks in software-de...An intelligent system to detect slow denial of service attacks in software-de...
An intelligent system to detect slow denial of service attacks in software-de...IJECEIAES
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEIJNSA Journal
 
IRJET- HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...
IRJET-  	  HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...IRJET-  	  HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...
IRJET- HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...IRJET Journal
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET Journal
 
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
 
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINEAPPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINEIJNSA Journal
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvseSAT Journals
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvseSAT Publishing House
 
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET-  	  SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET-  	  SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
 
network attacks
network attacks network attacks
network attacks MuskanSony
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
 
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSA SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSIJNSA Journal
 
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSA SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSIJNSA Journal
 

Semelhante a Time-based DDoS Detection and Mitigation for SDN Controller (20)

cybersecuritydosattackUsingNS2[111].pptx
cybersecuritydosattackUsingNS2[111].pptxcybersecuritydosattackUsingNS2[111].pptx
cybersecuritydosattackUsingNS2[111].pptx
 
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...
 
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...
 
An intelligent system to detect slow denial of service attacks in software-de...
An intelligent system to detect slow denial of service attacks in software-de...An intelligent system to detect slow denial of service attacks in software-de...
An intelligent system to detect slow denial of service attacks in software-de...
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
 
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUEA MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
A MECHANISM FOR EARLY DETECTING DDOS ATTACKS BASED ON M/G/R PS QUEUE
 
IRJET- HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...
IRJET-  	  HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...IRJET-  	  HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...
IRJET- HHH- A Hyped-up Handling of Hadoop based SAMR-MST for DDOS Attacks...
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
 
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...
 
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINEAPPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvs
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvs
 
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...
 
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET-  	  SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET-  	  SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...
 
network attacks
network attacks network attacks
network attacks
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbed
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbed
 
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSA SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
 
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMSA SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
A SYSTEM FOR VALIDATING AND COMPARING HOST-BASED DDOS DETECTION MECHANISMS
 

Mais de Lippo Group Digital

Behavior-Based Authentication System Based on Smartphone Life-Logs Data
Behavior-Based Authentication System Based on Smartphone Life-Logs DataBehavior-Based Authentication System Based on Smartphone Life-Logs Data
Behavior-Based Authentication System Based on Smartphone Life-Logs DataLippo Group Digital
 
A web based iptv content syndication system for personalized content guide
A web based iptv content syndication system for personalized content guideA web based iptv content syndication system for personalized content guide
A web based iptv content syndication system for personalized content guideLippo Group Digital
 
Caching in Information Centric Network (ICN)
Caching in Information Centric Network (ICN)Caching in Information Centric Network (ICN)
Caching in Information Centric Network (ICN)Lippo Group Digital
 
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...Lippo Group Digital
 
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...Lippo Group Digital
 
Analisa pengaruh block size pada hdfs terhadap kecepatan
Analisa pengaruh block size pada hdfs terhadap kecepatanAnalisa pengaruh block size pada hdfs terhadap kecepatan
Analisa pengaruh block size pada hdfs terhadap kecepatanLippo Group Digital
 

Mais de Lippo Group Digital (13)

Behavior-Based Authentication System Based on Smartphone Life-Logs Data
Behavior-Based Authentication System Based on Smartphone Life-Logs DataBehavior-Based Authentication System Based on Smartphone Life-Logs Data
Behavior-Based Authentication System Based on Smartphone Life-Logs Data
 
Domain specific IoT
Domain specific IoTDomain specific IoT
Domain specific IoT
 
Feature Selection
Feature Selection Feature Selection
Feature Selection
 
Fall detection
Fall detectionFall detection
Fall detection
 
The Cognitive Net is Coming
The Cognitive Net is ComingThe Cognitive Net is Coming
The Cognitive Net is Coming
 
The future internet web 3.0
The future internet  web 3.0The future internet  web 3.0
The future internet web 3.0
 
A web based iptv content syndication system for personalized content guide
A web based iptv content syndication system for personalized content guideA web based iptv content syndication system for personalized content guide
A web based iptv content syndication system for personalized content guide
 
Distance function
Distance functionDistance function
Distance function
 
Caching in Information Centric Network (ICN)
Caching in Information Centric Network (ICN)Caching in Information Centric Network (ICN)
Caching in Information Centric Network (ICN)
 
Decision tree and random forest
Decision tree and random forestDecision tree and random forest
Decision tree and random forest
 
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...
Profiler for Smartphone Users Interests Using Modified Hierarchical Agglomera...
 
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...
Analisis performa kecepatan mapreduce pada hadoop menggunakan tcp packet flow...
 
Analisa pengaruh block size pada hdfs terhadap kecepatan
Analisa pengaruh block size pada hdfs terhadap kecepatanAnalisa pengaruh block size pada hdfs terhadap kecepatan
Analisa pengaruh block size pada hdfs terhadap kecepatan
 

Último

UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 

Último (20)

UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 

Time-based DDoS Detection and Mitigation for SDN Controller

  • 1. Time-based DDoS Detection and Mitigation for SDN Controller I Gde Dharma N., M. Fiqri Muthohar, Alvin Prayuda J. D., Priagung K., Deokjai Choi School of Electronics and Computer Engineering Chonnam National University Gwangju, South Korea gdebig@gmail.com, fiqri.muthohar@gmail.com, alvinprayuda@gmail.com, priagung.123@gmail.com, dchoi@jnu.ac.kr Introduction DDoS Attack Scenario • Software Defined Network (SDN) is a new paradigm network management that decouples control plane and data plan. • The control plane is usually called as the controller. Controller in SDN dictates the overall network behavior. Data plane is the network devices that act as simple packet forwarder. • From the security point of view, SDN introduces a new single point of failure. Since the controller is the main brain in the network, the performance of the network depends on it. If the controller is down or unreachable, the overall networks will collapse. • One of the attack methods that can be used to attack SDN controller is DDoS attack. DDoS attack also has many methods to overwhelm the resource of Controller. • DDoS attack sends a large number of packets in a certain time. The malicious packets that used for DDoS attack have the same destination and port addresses. • This packet also has a typical size that different with the legitimate packet. This characteristic has been studied in many papers to propose the detection and mitigation methods for DDoS attack. • However, the time duration of DDoS attack is rarely used. Research Objective • First, learns the potential vulnerabilities of SDN Controller operation that can be exploited for DDoS attack. • Explore the time characteristic of DDoS attack for SDN Controller. • Develop the method for DDoS attack detection and mitigation for SDN Controller. SDN Operation and DDoS Attack • SDN Controller basic operation is shown in the figure 1. • OpenFlow Protocol is widely used in current SDN. OpenFlow is responsible for the communication between OpenFlow Controller and OpenFlow Switch through the secure channel. • DDoS Attack exploit the size limitation of flow tables in SDN Controller. • This attack needs time to achieve high rate malicious packet. DDoS attacker also sometimes uses a periodic attack that held in certain time. This time characteristic of DDoS attack can be used to in detection method to increase the detection time before the DDoS attack achieve its goal. • Figure 2 shows the scenario of DDoS Attack that used in this research. Proposed DDoS Detect Method • The objective of the method is to detect and mitigate DDoS attack on SDN Controller. • This method not only considers the destination address for detection but also the time needed to achieve high rate traffic and time attack pattern of DDoS attack. • Time duration is used to detect the DDoS attack and time attack pattern is used to prevent DDoS attack in the future. • Assume 𝑃𝑛𝑣 is the number of non-valid packet that coming to flow control, t is time window, R is the volume of non-valid packet per time window, our method can be formulized as follow: 𝑅 = lim ∆𝑡→0 ∆𝑃𝑛𝑣 ∆𝑡 • The architecture of the proposed solution can be seen in figure 3. Evaluation Design • To evaluate our proposed method, we will investigate system resource usage (CPU, the number of flow entries) in SDN Controller and OpenFlow Switch. • To measure the detection performance, we use Detection Rate measurement (DR) and False Alarm rate (FA) Conclusion and Future Work This paper reports our ongoing effort on developing detection and mitigation method of DDoS attack on SDN controller. We have described the basic operation of SDN controller. We also have analyzed the potential vulnerabilities in SDN controller that can be exploited for DDoS attack. This method not only consider the malicious packet to detect DDoS attack, also consider time characteristic of DDoS attack. We also investigate the pattern of time DDoS attack for preventing DDoS attack in the future. In this paper, we have described our experiment scenario and also how to evaluate the performance of our method. For future work, we will investigate the better threshold for DDoS attack detection. We also will study deeper to cluster time pattern of DDoS attack. The goal is to find the best algorithm for clusters the DDoS attack time. Then, we will evaluate our proposed method in a simulation environment to find out the performance of our method based on our experimental plan.