Abstract

As a promising centralized control architecture, the software-defined network (SDN) has been widely used and developed in the field of optical access networks. Although its centralized control architecture has many advantages, it is also exposed to various security threats. Among these threats, the Denial-of-Service (DoS) attack is the most severe for the software-defined optical network (SDON). Despite many developments in tools and technology, there are few effective schemes for detecting DoS attacks in SDON. In our research work, we proposed a traffic anomaly detection scheme by analyzing and defining a specific security threat faced by the SDON, the non-directional denial-of-service (ND-DoS) attack. In this scheme, we first designed the functional structure of the controller and the extension of the OpenFlow protocol, then used the adaptive threshold detection algorithm based on a time sliding window (TSW-ATD) and the repeated flow detection algorithm (RFD) to complete the first detection and the re-detection of abnormal traffic, and finally designed a general formulaic measurement method. The proposed scheme is verified by simulation experiments. The experimental results show that, compared with existing related solutions, the forwarding success rate of this scheme is increased by about 29.4%, the data processing rate in the unit window is increased by about 39.3%, and the CPU occupancy rate is reduced by about 17.5%. Therefore, this scheme can effectively deal with DoS attacks in SDON with a higher detection rate and lower resource overhead.
