• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network

Vol. 12, No. 8, August 30, 2018
10.3837/tiis.2018.08.022 , Download Paper (Free):

Abstract

Network anomaly detection in Software Defined Networking, especially the detection of DDoS attack, has been given great attention in recent years. It is convenient to build the Traffic Matrix from a global view in SDN. However, the monitoring and management of high-volume feature-rich traffic in large networks brings significant challenges. In this paper, we propose a moving window Principal Components Analysis based anomaly detection and mitigation approach to map data onto a low-dimensional subspace and keep monitoring the network state in real-time. Once the anomaly is detected, the controller will install the defense flow table rules onto the corresponding data plane switches to mitigate the attack. Furthermore, we evaluate our approach with experiments. The Receiver Operating Characteristic curves show that our approach performs well in both detection probability and false alarm probability compared with the entropy-based approach. In addition, the mitigation effect is impressive that our approach can prevent most of the attacking traffic. At last, we evaluate the overhead of the system, including the detection delay and utilization of CPU, which is not excessive. Our anomaly detection approach is lightweight and effective.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
M. Wang, H. Zhou and J. Chen, "A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network," KSII Transactions on Internet and Information Systems, vol. 12, no. 8, pp. 3946-3965, 2018. DOI: 10.3837/tiis.2018.08.022 .

[ACM Style]
Mingxin Wang, Huachun Zhou, and Jia Chen. 2018. A Moving Window Principal Components Analysis Based Anomaly Detection and Mitigation Approach in SDN Network. KSII Transactions on Internet and Information Systems, 12, 8, (2018), 3946-3965. DOI: 10.3837/tiis.2018.08.022 .