Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks

TL;DR

This paper introduces Predis, a privacy-preserving cross-domain attack detection scheme for SDNs that combines encryption techniques with an efficient kNN algorithm, achieving high accuracy and privacy protection.

Contribution

Predis is the first scheme to effectively combine perturbation and data encryption with an improved kNN for privacy-preserving cross-domain DDoS detection in SDNs.

Findings

Predis achieves high detection accuracy with privacy guarantees.

The scheme demonstrates efficiency in theoretical analysis and simulations.

Predis secures sensitive domain information during attack detection.

Abstract

Existing distributed denial-of-service attack detection in software defined networks (SDNs) typically perform detection in a single domain. In reality, abnormal traffic usually affects multiple network domains. Thus, a cross-domain attack detection has been proposed to improve detection performance. However, when participating in detection, the domain of each SDN needs to provide a large amount of real traffic data, from which private information may be leaked. Existing multiparty privacy protection schemes often achieve privacy guarantees by sacrificing accuracy or increasing the time cost. Achieving both high accuracy and reasonable time consumption is a challenging task. In this paper, we propose Predis, which is a privacypreserving cross-domain attack detection scheme for SDNs. Predis combines perturbation encryption and data encryption to protect privacy and employs a computationally simple and efficient algorithm k-Nearest Neighbors (kNN) as its detection algorithm. We also improve kNN to achieve better efficiency. Via theoretical analysis and extensive simulations, we demonstrate that Predis is capable of achieving efficient and accurate attack detection while securing sensitive information of each domain.