Detection of LDoS System Based on Periodic Comparison and CNN

Software-Defined Networking (SDN) is a network architecture approach that separates the control plane from the data plane, enabling centralized management and configuration of network infrastructure. However, the centralized control and Programmable characteristic features of SDN also come with potential risks. Low-Rate Denial of Service (LDoS) attacks aim to deplete the computational resources of SDN controllers, rendering them incapable of properly handling network traffic and control messages, thereby paralyzing the entire network. Due to the low-rate characteristics and persistence of LDoS attacks, traditional DDoS detection systems struggle to identify them. In this context, this paper proposes an online real-time detection system (CDDT) combining CNN (Convolutional Neural Network) and DTW (Dynamic Time Warping) algorithms. The CNN integrates and classifies traffic features from OpenFlow flow tables, while the DTW compares aggregated flow sequences from switches with periodic template sequences to determine the attack cycles. Experimental results demonstrate that the CDDT system can accurately detect and identify LDoS attacks while reducing false positives and false negatives.