Research on LDoS Attack Detection and Defense Mechanism in Software Defined Networks

The LDoS (Low rate Denial of Service) attack that aims at exhausting the limited SDN switch buffer resource is hard to detect and degrade network performance seriously. To solve such a problem, this paper proposes an SDN LDoS detection and defense mechanism ADAR (Attack-flow Detection and Attack-port Recognition), which can detect the attack flows based on the collected statistical data, and identify and suppress these attack flows. The experimental results show that ADAR can effectively detect the SDN switch buffer overflow LDoS attacks, and mitigate their impact by using the attack port suppression method. Meanwhile, it can also effectively alleviate the problem of switch buffer overflow caused by the normal traffic burst in the network.