A Framework for Distributed Denial of Service Attack Detection and Reactive Countermeasure in Software Defined Network

2019 7th International Conference on Future Internet of Things and Cloud (FiCloud) Pub Date : 2019-08-01 DOI:10.1109/FiCloud.2019.00019

A. Sangodoyin, Bashir Mohammed, S. Moyo, I. Awan, Jules Pagna Disso

{"title":"A Framework for Distributed Denial of Service Attack Detection and Reactive Countermeasure in Software Defined Network","authors":"A. Sangodoyin, Bashir Mohammed, S. Moyo, I. Awan, Jules Pagna Disso","doi":"10.1109/FiCloud.2019.00019","DOIUrl":null,"url":null,"abstract":"Software Defined Network is an evolving and promising architecture which allows greater control over network entities by centralising the control plane. Although on the surface SDN provides a simple framework for network programmability and monitoring, few has been said about security measures to make it more robust to hitherto security flaws. Among the identified security flaws, DDoS flooding attack continue to be one of the major security concerns as attack volumes are increasing year on year. In this paper, we developed and implement the feasibility of spoofing and flooding DDoS attack on data plane devices using Mininet emulator, floodlight and network performance testing tools. We further developed a mitigation mechanism to counter these attacks by pushing reactive flow through the controller to the attacking switch port. Our result shows that pushing flows through the controller mitigates the flooding attack with low performance overheads, and requires no change to the controllers mode of operation for deployment, which indicates a good performance of our model.","PeriodicalId":268882,"journal":{"name":"2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FiCloud.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Software Defined Network is an evolving and promising architecture which allows greater control over network entities by centralising the control plane. Although on the surface SDN provides a simple framework for network programmability and monitoring, few has been said about security measures to make it more robust to hitherto security flaws. Among the identified security flaws, DDoS flooding attack continue to be one of the major security concerns as attack volumes are increasing year on year. In this paper, we developed and implement the feasibility of spoofing and flooding DDoS attack on data plane devices using Mininet emulator, floodlight and network performance testing tools. We further developed a mitigation mechanism to counter these attacks by pushing reactive flow through the controller to the attacking switch port. Our result shows that pushing flows through the controller mitigates the flooding attack with low performance overheads, and requires no change to the controllers mode of operation for deployment, which indicates a good performance of our model.

查看原文本刊更多论文

软件定义网络中分布式拒绝服务攻击检测与响应对策框架

软件定义网络是一个不断发展和有前途的体系结构，它允许通过集中控制平面对网络实体进行更好的控制。尽管表面上SDN为网络可编程性和监控提供了一个简单的框架，但很少有人说要采取安全措施使其更健壮，以应对迄今为止的安全漏洞。在已发现的安全漏洞中，DDoS洪水攻击仍然是主要的安全问题之一，因为攻击量逐年增加。在本文中，我们利用Mininet仿真器、泛光灯和网络性能测试工具开发并实现了对数据平面设备进行欺骗和泛洪DDoS攻击的可行性。我们进一步开发了一种缓解机制，通过将反应流从控制器推送到攻击交换机端口来对抗这些攻击。我们的结果表明，通过控制器推送流以较低的性能开销减轻了洪水攻击，并且不需要改变控制器的部署操作模式，这表明我们的模型具有良好的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)

自引率

0.00%

发文量