Dynamic threshold-based DDoS flood attack detection in software defined networking
摘要
SDN is now widely used in many applications, and its centralized control and programmability make the network more exposed to DDoS flood attacks. These attacks are hard to detect and countermeasures in real-time because the legitimate traffic looks like the malicious traffic because SDNs are dynamic and it is hard to define a constant pattern of baseline traffic to be used in identifying anomalies. The work proposes a dynamic threshold-based DDoS flood attack detection (DTD-FAD) method, which is directly focused at the real-time prevention and detection of DDoS flood attacks in SDNs. DTD-FAD is a trade off between false alarms and accuracy of detection by learning dynamic detection thresholds based on real-time traffic patterns. The algorithm is fine in identifying anomalies of different forms of DDoS attacks like the TCP SYN floods, UDP floods and ICMP floods, which are identified by statistical traffic analysis and anomaly detection tools. According to the results provided by the simulations, DTD-FAD is more effective and efficient than the methods used currently in terms of detection accuracy, false positive, and mitigation latency, throughput and proportion of packet loss, and this proves that it is effective and reliable in the prevention of SDN flood attack. Dynamical adaptation to traffic variations and the appropriate distinction between legitimate and malicious flows makes DTD-FAD one of the powerful solutions to the stability of network performance and security in the modern SDN context.