Efficient and low‐cost defense against distributed denial‐of‐service attacks in SDN‐based networks
International Journal of Communication Systems ( IF 2.1 ) Pub Date : 2020-06-29 , DOI: 10.1002/dac.4461
You‐Chiun Wang, Yi‐Chuan Wang

Distributed denial‐of‐service (DDoS) attacks are common threats in many networks, where attackers attempt to make victim servers unavailable to other users by flooding them with worthless requests. These attacks cannot be easily stopped by firewalls, since they forge lots of connections to victims with various IP addresses. The paper aims to exploit the software‐defined networking (SDN) technique to defend against DDoS attacks. However, the controller has to handle lots of connections launched by DDoS attacks, which burdens it with a heavy load and degrades SDN's performance. Therefore, the paper proposes an efficient and low‐cost DDoS defense (ELD) mechanism for SDN. It adopts a nested reverse‐exponential data storage scheme to help the controller efficiently record the information of packets in the limited memory. Once many packets with high IP variability are sent to a certain server and this situation lasts for a while, a DDoS attack is likely happening. In this case, the controller asks switches to block malicious connections by installing flow rules. Experimental results verify that the ELD mechanism rapidly recognizes protocol‐based DDoS attacks, including TCP SYN flood, UDP flood, and ICMP flood, stops them in time, and greatly reduces the overhead for the controller to defend against attacks. Moreover, ELD can distinguish DDoS flows from legitimate ones with similar features such as elephant flows and impulse flows, thereby eliminating false alarms.
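A simplified model of the detection heuristic the abstract describes (high source‐IP variability toward one server that persists over several windows, while elephant flows and impulse flows do not trigger it), as an added example that is not the paper's code: the window length, thresholds, packet records and flow‐rule shape are assumptions, and the paper's nested reverse‐exponential storage scheme is replaced by plain per‐window sets.

```python
from collections import defaultdict

WINDOW_S = 1.0          # window length in seconds (assumed value)
IP_VAR_THRESHOLD = 20   # distinct source IPs per window counted as "high variability" (assumed)
PERSIST_WINDOWS = 3     # consecutive high-variability windows before a DDoS verdict (assumed)


def window_ip_sets(packets, window_s=WINDOW_S):
    """Group (time_s, src_ip, dst_ip) records into time windows per destination.
    Returns {dst: [set of source IPs seen in window 0, window 1, ...]}."""
    last = int(max(t for t, _, _ in packets) // window_s)
    per_dst = defaultdict(lambda: [set() for _ in range(last + 1)])
    for t, src, dst in packets:
        per_dst[dst][int(t // window_s)].add(src)
    return per_dst


def detect_ddos(packets, threshold=IP_VAR_THRESHOLD, persist=PERSIST_WINDOWS, window_s=WINDOW_S):
    """Return {dst: index of the window in which a DDoS verdict was reached}.
    A verdict needs high variability in `persist` consecutive windows, so a one-window
    impulse flow is ignored; an elephant flow has one source and never counts as variable."""
    verdicts = {}
    for dst, windows in window_ip_sets(packets, window_s).items():
        streak = 0
        for i, srcs in enumerate(windows):
            streak = streak + 1 if len(srcs) > threshold else 0
            if streak >= persist:
                verdicts[dst] = i
                break
    return verdicts


def block_rules(packets, verdicts, window_s=WINDOW_S):
    """(src, dst) match fields for drop rules covering sources seen in the windows that led
    to each verdict. Simplified: the paper does not give its exact rule format."""
    rules = set()
    for t, src, dst in packets:
        if dst in verdicts and int(t // window_s) <= verdicts[dst]:
            rules.add((src, dst))
    return sorted(rules)


def constructed_packets():
    """Constructed traffic, not measurement data: one elephant flow, one impulse flow, one flood."""
    pkts = [(i * 0.025, "192.168.1.5", "10.0.0.1") for i in range(200)]        # elephant: 1 source, 5 s
    pkts += [(0.02 * i, f"172.16.0.{i}", "10.0.0.2") for i in range(1, 41)]    # impulse: 40 sources, <1 s
    pkts += [(w + 0.02 * i, f"198.51.{w}.{i}", "10.0.0.3")                      # flood: 40 new sources
             for w in range(5) for i in range(1, 41)]                            # every second for 5 s
    return pkts
```

Running `detect_ddos(constructed_packets())` flags only 10.0.0.3, in window 2, and `block_rules` then yields 120 (src, dst) pairs for the three offending windows.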

Updated: 2020-06-29