Detecting DDoS Attacks in Software De?ned Networks: An Experimental Study of Stream Sampling Methods

Thumbnail
Files
Permanent Link
http://hdl.handle.net/11603/15504
Collections
Metadata
Show full item record
Author/Creator
Unknown author
Date
2017-01-01
Type of Work
Text
thesis
Department
Computer Science and Electrical Engineering
Program
Computer Science
Rights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Subjects
DDos
SDN
Abstract
I propose and experimentally evaluate a new sampling method for a streaming algorithm to improve Distributed Denial of Service (DDoS) detection in Software De?ned Networks (SDNs). My method leverages the SDN architecture of OpenFlow and its novel capabilities to improve detection by analyzing traf?c by ?ow. This approach can lower the cost of gathering data for analysis and improve the detection rate. Using the Mininet emulation environment, I compare the new sampling methods using my adaption of the hierarchical heavy hitter algorithm in a SDN environment and analyze the differences to a possible implementation on a legacy network. My work shows that clear differences can be detected by using per ?ow sampling to detect hierarchical heavy hitters from traf?c that contains heavy ?ows.