Jie Cui, Jing Zhang, Jiantao He, Hong Zhong, Yao Lu
Title: DDoS detection and defense mechanism for SDN controllers with K-Means
Venue: 2020 IEEE/ACM 13th International Conference on Utility and Cloud Computing (UCC)
Publication date: 2020-12-01
DOI: https://doi.org/10.1109/UCC48980.2020.00062
Citations: 2
Abstract
Software-defined networks (SDNs) are key parts of the next generation networks owing to their high programmability and agility that traditional networks lack. However, the SDN controller is vulnerable to Distributed Denial-of-Service (DDoS) attacks. Once the SDN controller becomes unavailable due to a DDoS attack, all real-time services go down immediately. Since the advantage of SDN is to process massive network data much faster, we need a real-time detection algorithm to reduce the impact caused by the attack. To ensure the security of both the users and the SDN, we proposed a detection and defense mechanism against DDoS attacks in Software-defined networking (SDN) environments. The implementation of detection was based on the unbalance in the traffic distribution. The traffic unbalance can be detected by a clustering algorithm such as the K-Means algorithm. Furthermore, we used a Packet_IN message register to filter malicious packets and experimentally evaluated the performance of our scheme in terms of detection accuracy, defense effect, communication delay, and packet loss rate. The results show that our detection method is adaptable to defend against attacks of different scales and types and ensures the least possible decline in the quality of services.