Title: A novel OpenFlow-based DDoS flooding attack detection and response mechanism in Software-Defined Networking
Authors: Wang, Rui; Zhang, Zhiyong; Ju, Lei; Jia, Zhiping
Author affiliation: [Wang, Rui; Zhang, Zhiyong; Ju, Lei; Jia, Zhiping] Shandong University, Jinan, China
Source: International Journal of Information Security and Privacy
Keywords: Anomaly detection and response; DDoS flooding attack; DPM; Entropy; IP traceback; OpenFlow; SDN; Source filtering
Abstract: Software-Defined Networking (SDN) and OpenFlow have brought a promising architecture for the future networks. However, there are still a lot of security challenges to SDN. To protect SDN from the Distributed denial-of-service (DDoS) flooding attack, this paper extends the flow entry counters and adds a mark action of OpenFlow, then proposes an entropy-based distributed attack detection model, a novel IP traceback and source filtering response mechanism in SDN with OpenFlow-based Deterministic Packet Marking. It achieves detecting the attack at the destination and filtering the malicious traffic at the source and can be easily implemented in SDN controller program, software or programmable switch, such as Open vSwitch and NetFPGA. The experimental results show that this scheme can detect the attack quickly, achieve a high detection accuracy with a low false positive rate, shield the victim from attack traffic and also avoid the attacker consuming resource and bandwidth on the intermediate links. © Copyright 2015, IGI Global.