Abstract
Software-defined networks (SDNs) are key parts of the next generation networks owing to their high programmability and agility that traditional networks lack. However, the SDN controller is vulnerable to Distributed Denial-of-Service (DDoS) attacks. Once the SDN controller was unavailable due to the DDoS attack, all real-time services will be down immediately. Since the advantage of SDN is to process massive network data much faster, we need a real-time detecting algorithm to reduce the impact caused by the attack. To ensure the security of both the users and the SDN, we proposed a detection and defense mechanism against DDoS attacks in Software-defined networking (SDN) environments. The implementation of detection was based on the unbalance in the traffic distribution. The traffic unbalance can be detected by a clustering algorithm such as the K-Means algorithm. Furthermore, we used a Packet_IN message register to filter malicious packets and experimentally evaluated the performance of our scheme in terms of detection accuracy, defense effect, communication delay, and packet loss rate. The results show that our detection method is adaptable to defend against attacks of different scales and types and ensures the least possible decline in the quality of services.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.