Improving DDoS Detection Accuracy Using Six-Sigma in SDN Environment
| Main Authors: | Hakim, Achmad Khalif; Telkom Indonesia Corp., Abdurohman, Maman; Telkom University, Yulianto, Fazmah Arif; Telkom University |
|---|---|
| Other Authors: | Telkom University |
| Format: | Article info application/pdf eJournal |
| Bahasa: | eng |
| Terbitan: |
International Journal on Advanced Science, Engineering and Information Technology
, 2018
|
| Subjects: | |
| Online Access: |
http://insightsociety.org/ojaseit/index.php/ijaseit/article/view/5036 http://insightsociety.org/ojaseit/index.php/ijaseit/article/view/5036/pdf_669 |
Daftar Isi:
- This paper proposes the new method for improving the accuracy of detection of DDoS attacks on the SDN by utilizing control plane using Six-Sigma method. Software-Defined Networking (SDN) is a centralized network control system. This system offers flexibility on receiving, processing and forwarding packets between subnetworks. The centralized system of SDN, which separates control plane and data plan, has an immense number of advantages, but it also has the risk of becoming a single point of network failure. Distributed Denial of Service (DDoS) attack is the major issues faced in the security aspect of SDN. This attack can make network resources unreachable by the real packets. The widely known method has been implemented on SDN for avoiding a DDoS attack is Three-Sigma method. Three-Sigma method uses a threshold value to determine the existence of a DDoS attack. However, this method has drawbacks regarding accuracy in determining the DDoS attack. The main contribution of this paper is utilizing central control plane of SDN for improving accuracy on detecting the DDoS attack. Several experiments performed for proving the concept. The result shows the new method can improve the accuracy of detection of a DDoS attack, either in constant or fluctuating traffic, by reducing the false positive. The performance is about 50% more accurate than the previous method.