A. Sangodoyin, Bashir Mohammed, S. Moyo, I. Awan, Jules Pagna Disso
Title: A Framework for Distributed Denial of Service Attack Detection and Reactive Countermeasure in Software Defined Network
Venue: 2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)
Publication date: 2019-08-01
DOI: 10.1109/FiCloud.2019.00019 (https://doi.org/10.1109/FiCloud.2019.00019)
Citations: 4
Abstract
Software Defined Network (SDN) is an evolving and promising architecture which allows greater control over network entities by centralising the control plane. Although on the surface SDN provides a simple framework for network programmability and monitoring, little has been said about security measures to make it more robust to hitherto security flaws. Among the identified security flaws, DDoS flooding attacks continue to be one of the major security concerns as attack volumes are increasing year on year. In this paper, we implement and demonstrate the feasibility of spoofing and flooding DDoS attacks on data plane devices using the Mininet emulator, Floodlight and network performance testing tools. We further developed a mitigation mechanism to counter these attacks by pushing reactive flows through the controller to the attacking switch port. Our results show that pushing flows through the controller mitigates the flooding attack with low performance overheads, and requires no change to the controller's mode of operation for deployment, which indicates a good performance of our model.