OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

الملخص EN

Distributed Denial of Service (DDoS) attacks are one of the biggest concerns for security professionals.

Traditional middle-box based DDoS attack defense is lack of network-wide monitoring flexibility.

With the development of software-defined networking (SDN), it becomes prevalent to exploit centralized controllers to defend against DDoS attacks.

However, current solutions suffer with serious southbound communication overhead and detection delay.

In this paper, we propose a cross-plane DDoS attack defense framework in SDN, called OverWatch, which exploits collaborative intelligence between data plane and control plane with high defense efficiency.

Attack detection and reaction are two key procedures of the proposed framework.

We develop a collaborative DDoS attack detection mechanism, which consists of a coarse-grained flow monitoring algorithm on the data plane and a fine-grained machine learning based attack classification algorithm on the control plane.

We propose a novel defense strategy offloading mechanism to dynamically deploy defense applications across the controller and switches, by which rapid attack reaction and accurate botnet location can be achieved.

We conduct extensive experiments on a real-world SDN network.

Experimental results validate the efficiency of our proposed OverWatch framework with high detection accuracy and real-time DDoS attack reaction, as well as reduced communication overhead on SDN southbound interface.