A Dynamic DDoS Protection Mechanism for WLAN based on SDS Architecture

Zhenyu Wang, Heng He, Yan Hu, Ji Zhang, Wei Xia

Abstract

The impact of distributed denial of service (DDoS) attacks has become more and more serious and widespread in wireless local area network (WLAN). Traditional DDoS protection mechanisms become less reliable and cannot easily adapt to the diverse types of DDoS attacks. Meanwhile, the emergence of software defined networking (SDN) has provided a new solution to solve the security problem in WLAN. In this paper, we propose a dynamic DDoS protection mechanism for WLAN based on software defined security, which is a branch of SDN architecture in the network security. When outer-net data flow streams into the network, the mechanism can judge the credibility of the flow by its self-detection function, and then it will deploy different security strategies to handle the data flow according to the credibility before server responds to it. The analysis and experiment show that compared with traditional DDoS protection mechanisms, the proposed mechanism is a priori detection method, and is more flexible and efficient.

References

  1. Lee, K., Kim, J., Kwon, K., Han, Y., Kim, S., 2008. DDoS attack detection method using cluster analysis. Expert Systems with Applications, 34(3), pp. 1659- 1665.
  2. Lei, B., 2013. Deciphering SDN: Core Techniques and Practical Guide. Publishing House of Electronics Industry. Beijing.
  3. Park, K., 2003. Scalable DDoS protection using routebased filtering. In Proceedings of DARPA Information Survivability Conference and Exposition, pp. 97-97. IEEE Computer Society: Washington, DC.
  4. Pelechrinis, K., Iliofotou, M., Krishnamurthy, S., V., 2011. Denial of service attacks in wireless networks: The case of jammers. Communications Surveys & Tutorials, 13(2), pp. 245-257. IEEE.
  5. Ramos, E., Chae, S., Kim, M., Choi, M., 2008. The optimistic schemes of cluster analysis and k-NN classifier method in detecting and counteracting learned DDoS attack. In Proceedings of New Technologies, Mobility and Security, pp. 1-5. IEEE Computer Society: Tangier.
  6. Thatte, G., Mitra, U., Heidemann, J., 2011. Parametric methods for anomaly detection in aggregate traffic. IEEE/ACM Transactions on Networking, 19(2), pp.512-525.
  7. Thomas, D., Ken, G., 2014. SDN: Software Defined Networks. People's Posts and Telecommunications Press. Beijing.
  8. Tupakula, U., Varadharajan, V., Vuppala, S., K., 2011. Counteracting DDoS attacks in WLAN. In Proceedings of the 4th International Conference on Security of Information and Networks, pp. 119-126. ACM.
  9. Xiang, Y., Lin, Y., Lei, W., Huang, S., 2004. Detecting DDoS attack based on network self-similarity. IEE Proceeding on Communications, 151(3), pp. 292-295.
  10. Zhang, Y., Wan, Z., Wu, M., 2009. An active DDoS defence model based on packet marking. In Proceedings of the 2nd International Workshop on Computer Science and Engineering, pp. 435-438. IEEE Computer Society.
Download


Paper Citation


in Harvard Style

Wang Z., He H., Hu Y., Zhang J. and Xia W. (2016). A Dynamic DDoS Protection Mechanism for WLAN based on SDS Architecture . In ISME 2016 - Information Science and Management Engineering IV - Volume 1: ISME, ISBN 978-989-758-208-0, pages 41-47. DOI: 10.5220/0006443400410047


in Bibtex Style

@conference{isme16,
author={Zhenyu Wang and Heng He and Yan Hu and Ji Zhang and Wei Xia},
title={A Dynamic DDoS Protection Mechanism for WLAN based on SDS Architecture},
booktitle={ISME 2016 - Information Science and Management Engineering IV - Volume 1: ISME,},
year={2016},
pages={41-47},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006443400410047},
isbn={978-989-758-208-0},
}


in EndNote Style

TY - CONF
JO - ISME 2016 - Information Science and Management Engineering IV - Volume 1: ISME,
TI - A Dynamic DDoS Protection Mechanism for WLAN based on SDS Architecture
SN - 978-989-758-208-0
AU - Wang Z.
AU - He H.
AU - Hu Y.
AU - Zhang J.
AU - Xia W.
PY - 2016
SP - 41
EP - 47
DO - 10.5220/0006443400410047