Using IP variability to efficiently detect elephant flows and defend DDoS attacks in SDN-based networks

Master's === National Sun Yat-sen University === Department of Computer Science and Engineering === 106 === Distributed denial-of-service attack (DDoS attack) is a common threat on the Internet. It uses multiple zombie computers to send a large number of requests to the same victim host to prevent the victim from providing normal services. Traditional methods usuall...


Bibliographic Details
Main Authors: Yi-Chuan Wang, 王顗權
Other Authors: You-Chiun Wang
Format: Others
Language: zh-TW
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/eau452
id ndltd-TW-106NSYS5392066
record_format oai_dc
spelling ndltd-TW-106NSYS5392066 2019-05-16T01:16:55Z http://ndltd.ncl.edu.tw/handle/eau452 Using IP variability to efficiently detect elephant flows and defend DDoS attacks in SDN-based networks 利用IP變異性於SDN網路中有效偵測巨量資料流與阻擋DDoS攻擊 Yi-Chuan Wang 王顗權 Master's National Sun Yat-sen University Department of Computer Science and Engineering 106 You-Chiun Wang 王友群 2018 thesis 61 zh-TW
collection NDLTD
sources NDLTD
description Master's === National Sun Yat-sen University === Department of Computer Science and Engineering === 106 === Distributed denial-of-service attack (DDoS attack) is a common threat on the Internet. It uses multiple zombie computers to send a large number of requests to the same victim host to prevent the victim from providing normal services. Traditional methods usually block the DDoS attack through a firewall, but the performance is not good. On the other hand, a software-defined network (SDN) is also threatened by DDoS attacks, because the controller will be paralyzed by numerous spam packets. In past SDN solutions, a lot of feature information is recorded to identify DDoS attacks. However, they may burden the controller with a heavy load and waste its computational resources. Besides, these methods could also cause false alarms on normal services, for example, elephant flows, as such flows also produce a large amount of data in a short period. Since DDoS attacks usually use multiple random IP source addresses, this thesis proposes a DDoS defense mechanism based on IP variability. When a potential attack occurs, our mechanism will record necessary packet information in an efficient manner. Then, the controller will check if the IP variability of the stored packets exceeds a threshold. If so, the controller will adaptively install flow rules in switches to discard DDoS packets. After the attack, these flow rules will be discarded accordingly. In this way, we can prevent DDoS packets from attacking the network. Through simulations, we show that our proposed mechanism can efficiently detect and defend against DDoS attacks (including TCP SYN flood, UDP flood, and ICMP flood), and also identify elephant flows.