Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks
security
Giotis K , Androulidakis G , Maglaris V . Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks[C]// Third European Workshop on Software Defined Networks. IEEE Computer Society, 2014.
This paper mainly proposes an architecture that uses the SDN controller to improve anomaly detection (AD) in existing (legacy) network deployments.
Introduction
The harm of DDoS; earlier solutions (the cited literature is rather old) block both the benign and the malicious traffic headed for the victim; the architecture in this paper improves on that.
Related work is described, but the paper does not say how it differs from that work. (My guess is it just picked a few weak ones to discuss.)
Design Principles and Overall Architecture
The architecture proposed in the paper is shown in the figure:
A. Design principles
- flow-level granularity
- data gathering, AD, and mitigation functions are decoupled
- dynamic triggering of the RTBH mechanism: the trigger device is configured remotely and automatically
- scalable traffic statistics collection using packet sampling techniques, achieved with sFlow
B. Overall Architecture
See Fig. 1
There are three functions:
- Anomaly Detection/Identification
two modules:
first, Statistics Collection: monitoring data is harvested from the edge router and exported to the next module inline
second, AD: detects a potential attack, identifies the victim, and instructs the RTBH trigger device to propagate a static route
- RTBH Component
matches the victim IP and redirects its traffic to the OF switch; propagates the route to the entire network
- Anomaly Mitigation
identifies malicious traffic, segregates malicious from benign traffic, drops the malicious traffic, and forwards the benign traffic back out the inport.
RTBH and anomaly detection empowered by the OpenFlow protocol and sFlow capabilities
A. Victim Identification Mechanism
compute the average counter value and the corresponding deviation, then compare the counter of a particular IP against them
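To make the victim-identification step concrete, here is an added example (my own code, not code from the paper): per-destination packet counters are built from constructed sFlow-style samples, and a destination is flagged as a victim when its counter exceeds the average of the other destinations by more than k deviations. The leave-one-out comparison, the threshold k, and the sample records are all my assumptions; the paper only states that the average and deviation are computed and compared with a particular IP.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sFlow-style samples: (src_ip, dst_ip, sampled_packets).
# Example data only; 10.0.0.5 is the constructed victim being flooded by
# three sources in 198.51.100.0/24 (TEST-NET-2).
SAMPLES = [
    ("192.0.2.10", "10.0.0.1", 50), ("192.0.2.11", "10.0.0.1", 50),
    ("192.0.2.12", "10.0.0.2", 110),
    ("192.0.2.13", "10.0.0.3", 120),
    ("192.0.2.14", "10.0.0.4", 105),
    ("198.51.100.1", "10.0.0.5", 1700),
    ("198.51.100.2", "10.0.0.5", 1700),
    ("198.51.100.3", "10.0.0.5", 1600),
    ("192.0.2.15", "10.0.0.6", 115),
    ("192.0.2.16", "10.0.0.7", 125),
    ("192.0.2.17", "10.0.0.8", 130),
    ("192.0.2.18", "10.0.0.9", 95),
    ("192.0.2.19", "10.0.0.10", 100),
]


def per_destination_counters(samples):
    """Statistics Collection step: sum sampled packets per destination IP."""
    counters = Counter()
    for _src, dst, pkts in samples:
        counters[dst] += pkts
    return counters


def identify_victims(counters, k=3.0):
    """AD step (assumed variant): flag every destination whose counter lies
    more than k deviations above the average of the *other* destinations.
    Leaving the candidate out keeps a single huge outlier from inflating the
    average and deviation it is compared against."""
    victims = []
    for ip, value in counters.items():
        others = [c for other, c in counters.items() if other != ip]
        if len(others) < 2:
            continue  # not enough peers to estimate a baseline
        avg = mean(others)
        dev = pstdev(others)
        # max(dev, 1.0) guards against a zero deviation on flat traffic
        if value - avg > k * max(dev, 1.0):
            victims.append(ip)
    return sorted(victims)


def top_sources(samples, victim_ip):
    """Rank the sources sending to the victim, highest sampled count first;
    this is the input the mitigation step needs to segregate traffic."""
    counts = Counter()
    for src, dst, pkts in samples:
        if dst == victim_ip:
            counts[src] += pkts
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    counters = per_destination_counters(SAMPLES)
    for victim in identify_victims(counters):
        print("victim:", victim, "sources:", top_sources(SAMPLES, victim))
```

With the constructed samples only 10.0.0.5 is flagged: its 5000 sampled packets sit roughly 4900 above the ~111 average of the other nine hosts, whose deviation is about 11. Because sFlow delivers sampled counts, the threshold should be tuned to the sampling rate in a real deployment.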
B. Using RTBH to redirect and filter network traffic.
(1) With traditional RTBH, the victim's benign traffic is also blocked
(2) forward the packets to the OF-enabled switch and drop only the malicious traffic; the ADI is empowered to configure the RTBH trigger device remotely
C. Anomaly Mitigation
forward the packets back out the inport of the OF switch; drop the malicious traffic.
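The mitigation idea in B(2) and C, as an added example of mine rather than code from the paper: once RTBH has redirected all victim-bound traffic to the OF switch, the switch needs high-priority drop entries for the identified malicious sources and a lower-priority entry that sends everything else for the victim back out the ingress port. The flow-table model below is a simplified stand-in for real OpenFlow entries (the `IN_PORT` reserved port does exist in OpenFlow; the match fields, priorities and packets are constructed for illustration), so the rule set can be checked offline before it is pushed to a switch.

```python
from dataclasses import dataclass
from typing import Optional

# Action names modelled on OpenFlow: IN_PORT is the reserved port that sends
# a packet back out the port it arrived on; DROP is an empty action set.
IN_PORT = "IN_PORT"
DROP = "DROP"


@dataclass(frozen=True)
class FlowEntry:
    priority: int          # higher wins, as in OpenFlow
    dst_ip: str
    src_ip: Optional[str]  # None = wildcard on the source
    action: str


def build_mitigation_rules(victim_ip, malicious_sources):
    """Drop traffic from each identified malicious source to the victim;
    everything else destined to the victim goes back out the inport."""
    rules = [FlowEntry(200, victim_ip, src, DROP) for src in sorted(malicious_sources)]
    rules.append(FlowEntry(100, victim_ip, None, IN_PORT))
    return rules


def matches(entry, packet):
    src, dst = packet
    return entry.dst_ip == dst and entry.src_ip in (None, src)


def apply_rules(rules, packets):
    """Simulate the switch: first match in priority order decides the fate.
    Packets matching no entry are reported separately; with RTBH in place
    only victim-bound traffic should ever reach this switch."""
    table = sorted(rules, key=lambda r: -r.priority)
    result = {"forwarded": [], "dropped": [], "unmatched": []}
    for pkt in packets:
        for entry in table:
            if matches(entry, pkt):
                bucket = "dropped" if entry.action == DROP else "forwarded"
                result[bucket].append(pkt)
                break
        else:
            result["unmatched"].append(pkt)
    return result


# Constructed traffic: (src_ip, dst_ip). 10.0.0.5 is the victim, the
# 198.51.100.x sources are the ones the AD step identified as malicious.
PACKETS = [
    ("198.51.100.1", "10.0.0.5"),
    ("198.51.100.2", "10.0.0.5"),
    ("198.51.100.1", "10.0.0.5"),
    ("192.0.2.20", "10.0.0.5"),    # benign client of the victim
    ("192.0.2.21", "10.0.0.5"),    # benign client of the victim
    ("192.0.2.22", "10.0.0.7"),    # not victim-bound: RTBH never redirects it
]


def mitigation_summary(victim_ip, malicious_sources, packets):
    rules = build_mitigation_rules(victim_ip, malicious_sources)
    out = apply_rules(rules, packets)
    return {k: len(v) for k, v in out.items()}


if __name__ == "__main__":
    print(mitigation_summary("10.0.0.5", {"198.51.100.1", "198.51.100.2"}, PACKETS))
```

The point the example makes is the one the paper contrasts with classic RTBH: the two benign packets for the victim are still forwarded, only the three packets from the flagged sources are dropped, and nothing is decided for hosts that RTBH never redirected.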