DDoS attack have always been a popular topic in the field of network security. As an emerging networking paradigm, SDN’s characteristics such as centralized control and management and monitoring flow-based traffic make it an ideal platform to detect DDoS attacks. NFV can reduce equipment costs, simplify operation complexity, and improve operation performance, which provides a major opportunity for effective DDoS detection. Thus, with the help of SDN/NFV technology, this paper proposes a parallel path selection method to detect various types of DDoS attacks. This article virtualizes detection methods as service functions, and combines different service functions to form sequential paths. We first propose a HABS method to parallelize the service functions and construct a parallel path set. Then, we propose a PPCP method to reduce the delay between parallel branches. Next, the parallel path selection problem is formulated as a MDP. Then, we propose a QLBP method to choose the optimal path that balance detection performance, delay and load. Finally, the proposed QLBP method is deployed in a prototype system. We validate the performance of the QLBP method under various DDoS attack scenarios. Besides, we compare the path performance before and after applying the QLBP method. The experimental results indicate that this method can provide optimal parallel path against different attack types.

中文翻译：

---

DDoS攻击检测的并行路径选择机制


DDoS攻击一直是网络安全领域的热门话题。 SDN作为一种新兴的网络范式，其集中控制管理、基于流的流量监控等特点使其成为检测DDoS攻击的理想平台。 NFV可以降低设备成本、简化运营复杂性、提高运营性能，这为有效的DDoS检测提供了重大机会。因此，本文借助SDN/NFV技术，提出一种并行路径选择方法来检测各类DDoS攻击。本文将检测方法虚拟为服务功能，并将不同的服务功能组合起来形成顺序路径。我们首先提出一种HABS方法来并行化服务功能并构造并行路径集。然后，我们提出了一种PPCP方法来减少并行分支之间的延迟。接下来，并行路径选择问题被表述为 MDP。然后，我们提出了一种 QLBP 方法来选择平衡检测性能、延迟和负载的最佳路径。最后，所提出的 QLBP 方法被部署在原型系统中。我们验证了 QLBP 方法在各种 DDoS 攻击场景下的性能。此外，我们还比较了应用 QLBP 方法之前和之后的路径性能。实验结果表明，该方法能够针对不同的攻击类型提供最优的并行路径。