Abstract

Software-Defined Networking (SDN) is a new paradigm that facilitates network management by enabling programmability and decoupling the control plane from the data plane. SDN places the control plane in one or more controllers that take charge of the entire network. However, this logically centralized controller exposes SDN to some security issues. Denial-of-Service (DoS) attacks are the main threat to SDN and can impair the performance of the entire network. The Low-rate Denial-of-Service (LDoS) attack is a variant of DoS with a lower average attack rate and high concealability, which makes it difficult to identify with traditional DDoS/DoS attack detection mechanisms. Additionally, existing LDoS attack detection and defense mechanisms often have weak real-time performance. To address this issue, we propose PeakSAX, a novel framework that protects SDN against LDoS attacks in real time through (1) attack monitoring, (2) traffic symbolization, (3) malicious traffic identification, (4) attacker location, and (5) mitigation strategy deployment. Simulation results show that PeakSAX can quickly identify and mitigate the impact of LDoS attacks in about 4 s, an improvement of over 70% compared to existing solutions.
