Detecting DDoS Attacks in Software Defined Networks: An Experimental Study of Stream Sampling Methods

Date

2017-01-01

Department

Computer Science and Electrical Engineering

Program

Computer Science

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Abstract

I propose and experimentally evaluate a new sampling method for a streaming algorithm to improve Distributed Denial of Service (DDoS) detection in Software Defined Networks (SDNs). My method leverages the SDN architecture of OpenFlow and its novel capabilities to improve detection by analyzing traffic by flow. This approach can lower the cost of gathering data for analysis and improve the detection rate. Using the Mininet emulation environment, I compare the new sampling methods using my adaptation of the hierarchical heavy hitter algorithm in an SDN environment and analyze the differences to a possible implementation on a legacy network. My work shows that clear differences can be detected by using per-flow sampling to detect hierarchical heavy hitters from traffic that contains heavy flows.