| Distributed Denial of Service(DDoS)attacks are one of the biggest concerns for security professionals.Traditional middle-box based DDoS attack defense is lack of network-wide monitoring flexibility.With the development of software defined networking(SDN),it becomes prevalent to exploit centralized controllers to defend against DDoS attacks.However,current SDN controller based solutions suffer with serious southbound communication overhead and detection delay.In this paper,we propose a cross-plane DDoS attack defense framework in SDN,called OverWatch,which exploits collaborative intelligence between data plane and control plane with high defense efficiency.Attack detection and attack reaction are two key procedure of the proposed defense framework.We develop a collaborative DDoS attack detection mechanism,which consists of a coarse-grained flow monitoring algorithm on the data plane and a fine-grained machine learning based attack classification algorithm on the control plane.We propose a novel defense strategy offloading mechanism to dynamically deploy defense applications across the controller and switches,by which rapid attack reaction and accurate botnet location can be achieved.We conduct extensive experiments on a real-world network with a FPGA-based OpenFlow switch prototype,a Ryu controller and laptops generating DDoS attack traffics.Experimental results validate the efficiency of our proposed OverWatch framework with high detection accuracy and real-time DDoS attack reaction,as well as reduced communication overhead on SDN southbound interface. |
PDF Full Text Request