Abstract

Distributed Denial of Service (DDoS) is one of the most rampant attacks threatening network security. To counter DDoS in Software-Defined Networking (SDN), many DDoS detection methods have been presented, among which periodic detection approaches with a fixed interval are widely used. However, periodic data collection and DDoS detection may result in high network load occupancy between the SDN controller and switches, high overhead on the SDN controller, and long response time to DDoS attacks. To address these issues, an ADaptiVe schedulIng for data Collection and DDoS dEtection (ADVICE) mechanism is proposed in this work, which flexibly adjusts the data collection and detection interval and decreases the workload of the SDN controller. Instead of checking all flow entries in one period, ADVICE collects flow statistics at dynamic intervals and initiates fine-grained DDoS detection for each flow entry. Based on the survival time and credence degree of each flow entry, ADVICE can reduce the network load occupancy and ensure rapid detection of DDoS. Experimental results indicate that ADVICE can effectively minimize the controller's workload, optimize the usage of the limited switch-controller connection bandwidth, and shorten the response time to DDoS attacks compared with state-of-the-art methods, and thus protect the network from various DDoS attacks.
