A DDoS attack detection and defense scheme using time-series analysis for SDN

Fouladi, Ramin Fadaei; Ermis, Orhan; Anarim, Emin
Journal of Information Security and Applications, Volume 54, October 2020


Software defined networking (SDN) has emerged as an integral part of cloud services, since it provides flexible management capabilities to monitor and analyze network traffic with the help of programmable entities. Although such functionalities play a significant role in protecting the availability of cloud services against security threats, SDN still has some vulnerabilities, such as distributed denial of service (DDoS) attacks. DDoS attackers use spurious packets similar to normal ones and endanger the service continuity of SDN. Although conventional packet-based intrusion detection systems have broad databases for detecting DDoS attacks, they are unable to detect an attack when the attack traffic is sheltered by normal network traffic. The idea, therefore, is to come up with a new countermeasure by observing and distinguishing instant changes in the network. In this work, we propose a DDoS attack detection and defense scheme using time-series analysis for SDN. The proposed scheme employs a model based on forecasting of upcoming traffic features and chaos theory, together with an exponential filter and a dynamic threshold method, to detect instant changes in the network. The experimental results show that our algorithm has a high detection rate and a low false alarm rate.

 

Type: Journal
Date: 2020-08-21
Department: Digital Security
Eurecom Ref: 6313
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Journal of Information Security and Applications, Volume 54, October 2020, and is available at: https://doi.org/10.1016/j.jisa.2020.102587
PERMALINK : https://www.eurecom.fr/publication/6313