Software-defined networking (SDN) was devised to simplify network management and automate infrastructure sharing in wired networks. These benefits motivated the application of SDN in wireless sensor networks to leverage solutions for complex applications. However, some of the core SDN traits turn the networks prone to denial of service attacks (DoS). There are proposals in the literature to detect DoS in wireless SDN networks, however, not without shortcomings: there is little focus on resource constraints, high detection rates have been reported only for small networks, and the detection is disengaged from the identification of the type of the attack or the attacker. Our work targets these shortcomings by introducing a lightweight, online change point detector to monitor performance metrics that are impacted when the network is under attack. A key novelty is that the proposed detector is able to operate in either centralized or distributed mode. The centralized detector has very high detection rates and can further distinguish the type of the attack (from a list of known attacks). On the other hand, the distributed detector provides information that allows to identify the nodes launching the attack. Our proposal is tested over IEEE 802.15.4 networks. The results show detection rates exceeding $96\%$ in networks of 36 and 100 nodes and identification of the type of the attack with a probability exceeding $0.89$ when using the centralized approach. Additionally, for some types of attack it was possible to pinpoint the attackers with an identification probability over $0.93$ when using distributed detectors.

翻译：设计了由软件定义的网络(SDN),以简化网络管理并在有线网络中共享基础设施;这些好处促使SDN在无线传感器网络中应用SDN,以利用复杂应用的解决方案;然而,一些SDN核心特征使网络容易被拒绝服务攻击(DoS)。文献中有些提议在无线SDN网络中检测DoS,但并非没有缺陷:很少关注资源限制,只报告小型网络的检测率高,而且检测率从识别袭击或袭击者的类型中分离出来。我们的工作目标是通过引入一个轻量的在线变换点探测器来监测在网络受到攻击时受到影响的性能指标。一个关键的新颖之处是,拟议的探测器能够以集中或分散的方式运作。中央探测器的检测率非常高,可以进一步区分袭击的类型(从已知袭击清单中)。另一方面,分布式探测器提供能够识别发起袭击的节点的信息。我们的建议是用IEEEE801.154 测试这些缺陷,以监测网络受到攻击时的性标值为802.54美元。