Jasa translate jurnal / text Bahasa Inggris - Bahasa Indonesia atau sebaliknya.
Software Defined Networking (SDN) provides separation of data plane and control plane. The controller has centralized control of the entire network. SDN offers the ability to program the network and allows dynamic creation of flow policies. The controller is vulnerable to Distributed Denial of Service (DDoS) attacks that leads to resource exhaustion which causes non-reach ability of services given by the controller. The detection of DDoS requires adaptive and accurate classifier that does decision making from uncertain information. It is critical to detect the attack in the controller at earlier stage. SVM is widely used classifier with high accuracy and less false positive rate. We analyze the SVM classifier and compare it with other classifiers for DDoS detection. The experiments show that SVM performs accurate classification than others.
Software Defined Networking is a promising solution for addressing challenges of future networks. Despite its advantages such as flexibility, simplification and low costs, it has several drawbacks that are largely induced by the centralized control paradigm. Security is one of the most significant challenges related to centralization. In that regard, Distributed Denial of Service (DDoS) attacks pose crucial security questions in software-defined networks. In SDN architecture, switches send all packets to the controller if they do not have any applicable rules in their flow tables. Basically, controller is the key place that can take initiative in decisions. However, this characteristic results in large communication overhead and delay until a DDoS attack is detected and appropriate action is activated against attack packets. Therefore, in this work we propose a hybrid mechanism, namely SDNScore, where switches are not simply data forwarders. Instead, they can collect statistics and can decide if DDoS attack is in action. Then they coordinate with the controller and decide on attack packets in cooperation. SDNScore is a statistical and packet-based defense mechanism against DDoS attacks in SDN environment. Since it has a statistical scoring method, it can detect not only known but also unknown attacks. In addition, it does not drop all packets in a flow which includes both attack and legal packets, but rather acts on attack packets using packet-based analysis.