Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks
Ivannikova, E., Zolotukhin, M., & Hämäläinen, T. (2017). Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks. In Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (Eds.), Network and System Security : 11th International Conference, NSS 2017 Helsinki, Finland, August 21–23, 2017, Proceedings (pp. 531-543). Lecture Notes in Computer Science, 10394. Springer. doi:10.1007/978-3-319-64701-2_40
Published inLecture Notes in Computer Science;10394
© Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher.
With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to the changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in cloud environment with SDN. The algorithm is applied to statistics extracted from network flows and, therefore, is suitable for detecting attacks that utilize encrypted protocols. The proposed detection approach is comprised of the extraction of normal user behavior patterns and detection of anomalies that significantly deviate from these patterns. The algorithm is evaluated using DDoS detection system prototype. Simulation results show that intermediate application-layer DDoS attacks can be properly detected, while the number of false alarms remains low. ...