A lightweight DDoS detection scheme under SDN context

Abstract Software-defined networking (SDN), a novel network paradigm, separates the control plane and data into different equipment to realize flexible of traffic. Its excellent programmability global view present many new opportunities. DDoS detection under SDN context is an important challenging research field. Some previous works attempted collect analyze statistics related flows, usually recorded in switches, address threats. In contrast, other applied machine learning-based solutions identify achieved promising results. Generally, most need periodically request flow rules or packets obtain features detect stealthy exceptions. Nevertheless, for very time-consuming CPU-consuming; moreover may congest communication channel between controller switches. Therefore, we FORT, lightweight scheme, which spreads rule-based algorithm at edge switches determines whether start it by retrieving ports state. A time-series algorithm, ARIMA, utilized determine port adaptively, SVM attack does occur. Representative experiments demonstrate that FORT can significantly reduce load provide reliable accuracy. Referring false alarm rate 1.24% comparison this scheme only 0.039%, reduces probability alarm. Besides, introducing mechanism, southbound more than 60% normal