Detecting DDoS Attacks in Software De?ned Networks: An Experimental Study of Stream Sampling Methods
Loading...
Links to Files
Permanent Link
Collections
Author/Creator
Author/Creator ORCID
Date
2017-01-01
Department
Computer Science and Electrical Engineering
Program
Computer Science
Citation of Original Publication
Rights
This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.
Distribution Rights granted to UMBC by the author.
Abstract
I propose and experimentally evaluate a new sampling method for a streaming algorithm to improve Distributed Denial of Service (DDoS) detection in Software Defined Networks (SDNs). My method leverages the SDN architecture of OpenFlow and its novel capabilities to improve detection by analyzing traffic by flow. This approach can lower the cost of gathering data for analysis and improve the detection rate. Using the Mininet emulation environment, I compare the new sampling methods using my adaption of the hierarchical heavy hitter algorithm in a SDN environment and analyze the differences to a possible implementation on a legacy network. My work shows that clear differences can be detected by using per flow sampling to detect hierarchical heavy hitters from traffic that contains heavy flows.