Detecting DDoS Attacks in Software De?ned Networks: An Experimental Study of Stream Sampling Methods
Author/Creator
Unknown authorDate
2017-01-01Type of Work
Textthesis
Department
Computer Science and Electrical EngineeringProgram
Computer ScienceRights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.eduDistribution Rights granted to UMBC by the author.
Abstract
I propose and experimentally evaluate a new sampling method for a streaming algorithm to improve Distributed Denial of Service (DDoS) detection in Software De?ned Networks (SDNs). My method leverages the SDN architecture of OpenFlow and its novel capabilities to improve detection by analyzing traf?c by ?ow. This approach can lower the cost of gathering data for analysis and improve the detection rate. Using the Mininet emulation environment, I compare the new sampling methods using my adaption of the hierarchical heavy hitter algorithm in a SDN environment and analyze the differences to a possible implementation on a legacy network. My work shows that clear differences can be detected by using per ?ow sampling to detect hierarchical heavy hitters from traf?c that contains heavy ?ows.