With the popularity of the Internet, modern people increasingly rely on the Internet to complete a large amount of work, making the security of the Internet more and more important. Among many threats to network security, Distributed Denial-of-Service (DDoS) attacks have always been a problem that researchers want to solve. With the introduction of software-defined networking (SDN), more and more detection methods have been proposed. In this paper, we design a sketch-based method of data collection in the P4-based data plane, which sends less data to controller than the Openflow-based data plane with limited data size. Furthermore, our method collects data of both attackers and victims by asymmetric characteristics of data flows, which contributes to the mitigation of DDoS attacks by inserting rate-limited rules on the data plane. In experiments, our data collection structure can reach the 0.9 or more F1 score, and the number of entries is appropriate, while attack intensities are between 0Mbps to 500Mbps. In the evaluation section, we also present the result of labeling data by the K-means algorithm on the control plane.
All Science Journal Classification (ASJC) codes