
STDC: A SDN-Oriented Two-Stage DDoS Detection and Defence System Based on Clustering


Abstract

DDoS has now become the most severe security problem of the Internet. Without timely reporting, a DDoS attack can knock down the victim in no time by exhausting the victim's computing and communication resources. In this paper we propose STDC, a DDoS defense system. STDC is a two-stage system based on clustering. In the first stage, STDC leverages the benefits of SDN and NFV to apply a flow-based detection method. STDC uses the gathered flow information to do clustering. Since we use cluster analysis as the basic detection algorithm, STDC can easily separate DDoS attacks from legitimate flash crowds. In the second stage, we extract attack traffic patterns from the clustering result of the first stage to make blocking rules, and use the structure of SDN to quickly dispatch them to achieve effective and efficient DDoS mitigation. We test STDC using a public DDoS dataset and traffic captured through the gateway. Both experiments achieve good detection precision and a high filtering ratio.
