GASF-IPP: Detection and Mitigation of LDoS Attack in SDN

Abstract

Software defined networking (SDN), a highly regarded architecture, enhances the programmability and manageability of the network by decoupling the data plane and the control plane. It has emerged to bring more possibilities to the Internet, but at the same time, its inherent shortcomings have become a pool for malicious attackers. Low-rate denial of service (LDoS) attacks, a variant of denial of service attacks, also pose a threat to the SDN architecture. In this paper, we replicate LDoS attacks for the SDN data plane and propose a detection and mitigation framework called GASF-IPP based on multiple traffic and IP-port data by analyzing the network anomalies. By leveraging the OpenFlow protocol, the traffic of switches is monitored. We use Gramian angular summation field (GASF) transformation based on timing analysis to analyze the traffic and combine it with other features to determine whether an attack has occurred. By locating the attacker and the victim, flow rules can be constructed for mitigation. Experiments prove that our proposed framework is correct and effective, the detection and mitigation module can perform real-time work with a low false positive rate (FPR) and respond in average 6.77 s.