TDDAD: Time-based detection and defense scheme against DDoS attack on SDN controller

Abstract

Software defined network (SDN) is the key part of the next generation networks. Its central controller enables the high programmability and flexibility. However, SDN can be easily disrupted by a new DDoS attack which triggers enormous Packet_IN messages. Since the existing solutions focus on checking current network states with content feature to detect the attack, they can possibly be misled. In this paper, we propose a detection and defense scheme against the DDoS attack based on the time feature. Specifically, the time feature is the hit rate gradient of the flow table. We first extract the temporal behavior of an attack. A back propagation neural network is trained to extract an attack pattern and used to recognize an attack. Then either a defense or recovery action will be taken. We test our scheme with the DARPA 1999 intrusion detection data set and compare our scheme with another method using sequential probability ratio test (SPRT). The experiment and evaluation show that our scheme enables the real-time detection, effective defense and quick recovery from DDoS attacks.