Abstract

In traditional distributed control networks, detecting Distributed Denial of Service (DDoS) attacks in the network where they are launched, the so-called source-based defense mechanism, is neither efficient nor effective, because detection is difficult and defense responsibility is ambiguous. Moreover, with the development of cloud computing, the Internet of Things (IoT), and the mobile Internet, the number of terminals and the communication bandwidth in a single autonomous domain have increased significantly, making it much easier to organize large-scale botnets and launch a threatening DDoS attack. Therefore, there is an urgent need for source-based defense against DDoS attacks. The emerging Software-Defined Networking (SDN) provides new ideas and advantages for solving this problem, such as centralized control and network programmability. In this paper, we propose a defense method based on sFlow and an improved Self-Organizing Map (SOM) model in SDN. The method consists of an sFlow-based macro-detection, which covers the entire network to perceive DDoS attacks; a SOM-based micro-detection, which recognizes the attack traffic; and a response strategy based on the global view given by the controller. The experimental results under open data and simulated attack scenarios have proved the effectiveness of the proposed method, which also has better overall detection performance than k-means and k-medoids.

Highlights

  • Most of today’s DDoS attacks achieve the malicious purpose through exhausting the limited resources to disrupt the connection or service of normal users

  • In the classification of defense mechanisms by deployment location, a mechanism deployed at the source to prevent the network from generating DDoS attacks is called a source-based defense mechanism

  • The traffic data used in the experiment includes two parts: the traffic captured from the campus network and the ISCX-IDS2012 traffic data [43], which are labeled as D1 and D2


Summary

Introduction

Most of today’s DDoS attacks achieve their malicious purpose by exhausting limited resources to disrupt the connections or services of normal users. An ideal defense detects and filters the attack traffic in the network as close to the source as possible. In the classification of defense mechanisms by deployment location, this is called a source-based defense mechanism: it is deployed at the source to prevent the network from generating DDoS attacks. The other two mechanisms are called network-based and destination-based, respectively [2]. Deploying source-based defense in the traditional distributed control network is neither efficient nor effective. Edge-based deployment only aims to detect attacks that pass through the protection perimeter. It usually defends only against external attacks and cannot perceive an inner attack that targets intra-domain systems; such an attack is ignored and passed on to downstream autonomous domains.
