CATH: an effective method for detecting denial-of-service attacks in software defined networks

Software defined networks (SDNs) are innovative network frameworks that have recently received wide attention. Their programming flexibility facilitates automatic network management and control, thus mitigating existing issues in the traditional network architecture. However, SDNs face several security risks, in particular denial-of-service (DoS) attacks, the most common and serious network attacks. To address such a threat, an SDN-DoS attack detection method is proposed based on fusing multiple flow features for describing the network catastrophe between the normal and the attack state. Several statistic attributes of SDN flow information are first chosen as detection features; subsequently, the cusp model is used to establish a catastrophe equilibrium surface for SDN states. After being trained, the cusp catastrophe model can be utilized to infer whether an SDN is under DoS attack. The experimental results demonstrate that the method can effectively and timely perceive SDN-DoS attacks, not only in simple networks but also in larger enterprise networks.