Abstract

Software-Defined Networking (SDN) is a new paradigm that facilitates network management by enabling programmability and disassociating the control plane from the data plane. SDN places the control plane into one or more controllers that take charge of the entire network. However, the logically centralized controller of SDN makes it subject to some security issues. Denial-of-Service (DoS) attacks are the main threat to SDN that can lead to impaired performance of the entire network. Low-rate Denial-of-Service (LDoS) attack is a variant of DoS attacks with a lower average attack rate and high concealability which is difficult to identify with traditional DDoS/DoS attack detection mechanisms. Additionally, existing LDoS attack detection and defense mechanisms often have weak real-time performance. To address this issue, we propose in this paper PeakSAX, a novel framework that can protect SDN against LDoS attacks in real-time by (1) Attack monitoring, (2) Traffic symbolization, (3) Malicious traffic identifying, (4) Attacker location, and (5) Mitigation strategy deployment. Simulation results show that PeakSAX can quickly identify and mitigate the impact of LDoS attacks about 4s, which improves over 70% compared to existing solutions.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.