Abstract:
A flooding attack is a network attack that sends a large amount of traffic to the
victim networks or services with the aim of causing denial of service. In a
Software-Defined Networking (SDN) environment, this attack might not only breach
the hosts and services but also the SDN controller. It will also cause
disconnection of links between the controller and the switches. Thus, an effective
technique for detecting and mitigating flooding attacks is required. Statistical
analysis techniques are widely used for detection and mitigation of flooding
attacks. However, the effectiveness of these techniques strongly depends on the
defined threshold. Defining a static threshold is a tedious job and most of the
time produces a high false positive alarm rate. In this system, we propose a
dynamic threshold which is calculated using the Modified Adaptive Threshold
Algorithm (MATA). The original Adaptive Threshold Algorithm (ATA) is based on the
Exponential Weighted Moving Average (EWMA) formula, which produces a high number
of false alarms. To reduce the false alarms, the alarm signal is only generated
after a minimum number of consecutive violations of the threshold. This, however,
increases the false negative rate when the network is under attack. In order to
reduce this false negative rate, MATA adapts the baseline traffic information of
the network infrastructure. The comparative analysis of MATA and ATA is performed
by measuring the false negative rate and the detection accuracy. The experimental
results show that MATA is able to reduce the false negative rate by up to 17.74%
and increase the detection accuracy by 16.11% over the various types of flooding
attacks at the transport layer.
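
The trade-off the abstract describes for the original ATA (EWMA threshold plus a minimum number of consecutive violations) can be reproduced with the added example below, which is not code from the paper. It uses the ATA formulation commonly given in the literature; the parameters `alpha`, `beta`, `k`, the per-interval false negative measure and the sample counts are constructed assumptions, and MATA's baseline adaptation is not modelled because the abstract gives no detail on it.

```python
"""Adaptive Threshold Algorithm (ATA) over per-interval packet counts."""

# Constructed sample: SYN packets per interval, normal level around 100.
SAMPLE = [100, 100, 100, 100, 100, 220, 100, 100, 100, 100,
          400, 400, 100, 100, 100, 500, 500, 500, 500, 100]
# Constructed ground truth: flood intervals. Index 5 is a benign burst.
ATTACK = {10, 11, 15, 16, 17, 18}


def ata_alarms(counts, alpha=0.5, beta=0.9, k=1):
    """Return interval indices where ATA raises an alarm.

    Violation: x_n > (1 + alpha) * mu_{n-1}
    EWMA:      mu_n = beta * mu_{n-1} + (1 - beta) * x_n
    An alarm is raised only once k consecutive intervals have violated.
    """
    mu = float(counts[0])      # seed the mean with the first observation
    run = 0                    # current streak of consecutive violations
    alarms = []
    for n in range(1, len(counts)):
        x = counts[n]
        run = run + 1 if x > (1 + alpha) * mu else 0
        if run >= k:
            alarms.append(n)
        # The mean is updated on every interval, so a sustained flood
        # gradually raises the threshold it is measured against.
        mu = beta * mu + (1 - beta) * x
    return alarms


def rates(alarms, attack):
    """Per-interval (false_negative_rate, false_positive_count)."""
    flagged = set(alarms)
    fnr = len(attack - flagged) / len(attack)
    fp = len(flagged - attack)
    return fnr, fp


if __name__ == "__main__":
    for k in (1, 2, 3):
        alarms = ata_alarms(SAMPLE, k=k)
        fnr, fp = rates(alarms, ATTACK)
        print(f"k={k} alarms={alarms} FNR={fnr:.2f} false_positives={fp}")
```

With `k=1` the benign burst at index 5 is flagged as an attack; with `k=3` it is suppressed, but the two-interval flood at indices 10 and 11 is missed entirely and the longer flood is only reported from its third interval.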