The software-defined network (SDN) enabled internet of things (IoT) architecture is deployed in many industrial systems. The ability of SDN to intelligently route traffic and use underutilised network resources, enables IoT networks to cope with data onslaught smoothly. SDN also eliminates bottlenecks and helps to process IoT data efficiently without placing a larger strain on the network. The SDN-based IoT network is vulnerable to DDoS attack in a sophisticated usage environment. The SDN-based IoT network behaviours are different from traditional networks, which makes the detection of low-traffic DDoS attacks more difficult. In this paper, we propose a learning-based detection approach that deploys learning algorithms and utilizes stateful and stateless features from Openflow packages to identify attack traffics in SDN control and data planes. Our prototype approach and experiment results show that our system identified the low-rate DDoS attack traffic accurately with relatively low system performance overheads.
Read full abstract