Software-defined networks (SDN) are an emerging architecture that provides promising amends to put an end to current infrastructure constraints by optimized bandwidth utilization, flexibility in network management and configuration, and pulling down operating costs in traditional network structures. Despite the advantages of this architecture, SDNs may become the victim of a distributed denial of service (DDOS) attacks as the result of potential vulnerabilities in various layers. Therefore, the rapid detection of attack traffic in the early stages is very important. In this paper, we have proposed statistical solution to detect and to mitigate distributed denial of service attack in software-defined networks utilizing the unique capabilities of the SDN architecture. Here, the exponential weighted moving average protection mechanism (EWMA) in statistical distances is exploited. The simulation results of our extensive experiments showed that our mechanism is able to quick detection of attack traffics and take amendatory actions. Moreover, the evaluations show the superiority of the proposed algorithm with respect to other statistical methods.

中文翻译：

---

使用优化的统计距离来应对软件定义网络中的分布式拒绝服务攻击

软件定义网络（SDN）是一种新兴的体系结构，通过优化的带宽利用率，网络管理和配置的灵活性以及降低传统网络结构的运营成本，提供了有希望的修正，以消除当前的基础架构约束。尽管此体系结构具有优势，但由于各个层中潜在的漏洞，SDN可能成为分布式拒绝服务（DDOS）攻击的受害者。因此，在早期阶段快速检测攻击流量非常重要。在本文中，我们提出了一种统计解决方案，利用SDN架构的独特功能来检测和缓解软件定义网络中的分布式拒绝服务攻击。这里，利用统计距离内的指数加权移动平均保护机制（EWMA）。大量实验的仿真结果表明，我们的机制能够快速检测攻击流量并采取修正措施。此外，评估结果表明了该算法相对于其他统计方法的优越性。