A Framework for Distributed Denial of Service Attack Detection and Reactive Countermeasure in Software Defined Network

A. Sangodoyin, Bashir Mohammed, S. Moyo, I. Awan, Jules Pagna Disso
{"title":"A Framework for Distributed Denial of Service Attack Detection and Reactive Countermeasure in Software Defined Network","authors":"A. Sangodoyin, Bashir Mohammed, S. Moyo, I. Awan, Jules Pagna Disso","doi":"10.1109/FiCloud.2019.00019","DOIUrl":null,"url":null,"abstract":"Software Defined Network is an evolving and promising architecture which allows greater control over network entities by centralising the control plane. Although on the surface SDN provides a simple framework for network programmability and monitoring, few has been said about security measures to make it more robust to hitherto security flaws. Among the identified security flaws, DDoS flooding attack continue to be one of the major security concerns as attack volumes are increasing year on year. In this paper, we developed and implement the feasibility of spoofing and flooding DDoS attack on data plane devices using Mininet emulator, floodlight and network performance testing tools. We further developed a mitigation mechanism to counter these attacks by pushing reactive flow through the controller to the attacking switch port. Our result shows that pushing flows through the controller mitigates the flooding attack with low performance overheads, and requires no change to the controllers mode of operation for deployment, which indicates a good performance of our model.","PeriodicalId":268882,"journal":{"name":"2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 7th International Conference on Future Internet of Things and Cloud (FiCloud)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FiCloud.2019.00019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Software Defined Network is an evolving and promising architecture which allows greater control over network entities by centralising the control plane. Although on the surface SDN provides a simple framework for network programmability and monitoring, few has been said about security measures to make it more robust to hitherto security flaws. Among the identified security flaws, DDoS flooding attack continue to be one of the major security concerns as attack volumes are increasing year on year. In this paper, we developed and implement the feasibility of spoofing and flooding DDoS attack on data plane devices using Mininet emulator, floodlight and network performance testing tools. We further developed a mitigation mechanism to counter these attacks by pushing reactive flow through the controller to the attacking switch port. Our result shows that pushing flows through the controller mitigates the flooding attack with low performance overheads, and requires no change to the controllers mode of operation for deployment, which indicates a good performance of our model.
软件定义网络中分布式拒绝服务攻击检测与响应对策框架
软件定义网络是一个不断发展和有前途的体系结构,它允许通过集中控制平面对网络实体进行更好的控制。尽管表面上SDN为网络可编程性和监控提供了一个简单的框架,但很少有人说要采取安全措施使其更健壮,以应对迄今为止的安全漏洞。在已发现的安全漏洞中,DDoS洪水攻击仍然是主要的安全问题之一,因为攻击量逐年增加。在本文中,我们利用Mininet仿真器、泛光灯和网络性能测试工具开发并实现了对数据平面设备进行欺骗和泛洪DDoS攻击的可行性。我们进一步开发了一种缓解机制,通过将反应流从控制器推送到攻击交换机端口来对抗这些攻击。我们的结果表明,通过控制器推送流以较低的性能开销减轻了洪水攻击,并且不需要改变控制器的部署操作模式,这表明我们的模型具有良好的性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信