CATH: an effective method for detecting denial-of-service attacks in software defined networks

作     者：Yi GUO Fu MIAO Liancheng ZHANG Yu WANG 

作者机构：State Key Laboratory of Mathematical Engineering and Advanced Computing Institute for Network Science and Cyberspace Tsinghua University School of Computer Science Henan University of Engineering 

出 版 物：《Science China(Information Sciences)》 (中国科学:信息科学(英文版))

年 卷 期：2019年第62卷第3期

页      面：75-89页

核心收录：

学科分类：0839[工学-网络空间安全] 08[工学] 

基　　金：supported by National Natural Science Foundation of China (Grant Nos. 61402525, 61402526, 61502528) Key Scientific Research Projects of Henan Province Education Department (Grant No. 18A520004) Henan Province Science and Technology Projects (Grant No. 182102310925) 

主　　题：DoS attacks software defined network flow features cusp model equilibrium surface 

摘      要：Software defined networks(SDNs) are innovative network frameworks that have recently received wide attention. Their programming flexibility facilitates automatic network management and control, thus mitigating existing issues in the traditional network architecture. However, SDNs face several security risks,in particular denial-of-service(DoS) attacks, the most common and serious network attacks. To address such a threat, an SDN-DoS attack detection method is proposed based on fusing multiple flow features for describing the network catastrophe between the normal and the attack state. Several statistic attributes of SDN flow information are first chosen as detection features; subsequently, the cusp model is used to establish a catastrophe equilibrium surface for SDN states. After being trained, the cusp catastrophe model can be utilized to infer whether an SDN is under DoS attack. The experimental results demonstrate that the method can effectively and timely perceive SDN-DoS attacks, not only in simple networks but also in larger enterprise networks.