XGBoost Classifier for DDoS Attack Detection and Analysis in SDN-Based Cloud (Paper)

2018, cited by 242
Network Security and Intrusion Detection; Software-Defined Networks and 5G; Internet Traffic Analysis and Secure E-voting

Abstract

The marriage of cloud and software-defined network (SDN) can solve challenges that exist in the typical cloud platform, such as private-cloud isolation of users and network flow control. But in an SDN-based cloud, the SDN controller, which manages the whole system, is vulnerable to distributed denial-of-service (DDoS) attacks, causing paralysis of the entire network. It is critical for the SDN controller to be fast, with a low false positive rate and high precision, in attack detection. In this paper, we use extreme gradient boosting (XGBoost) as the detection method in an SDN-based cloud. In addition, we use POX as the SDN controller, build the SDN topology using Mininet, and simulate a real DDoS attack environment with the attack tool Hyenae. The XGBoost classifier uses the flow packet data set collected by TcpDump for DDoS detection, and we compare it with other classifiers. The detection results validate that our method achieves higher accuracy and a lower false positive rate, is fast, and is scalable.