Title: Early Detection and Mitigation of DoS Attacks in SDN Controller
Authors: Saritakumar N, A. V.
DOI: 10.1109/ICIIET55458.2022.9967650 (https://doi.org/10.1109/ICIIET55458.2022.9967650)
Venue: 2022 International Conference on Intelligent Innovations in Engineering and Technology (ICIIET)
Publication date: 2022-09-22
Citations: 2
Source: Semantic Scholar

Abstract
Software-Defined Networks (SDN), managed by a single authority and vulnerable to various attacks, demand high security for their Controller. A Denial of Service (DoS) attack deactivates the network controller by flooding it with packets. Hence, two solutions are proposed for the early detection of DoS attacks: a congestion-control-based algorithm with a rate-limited queue mechanism, and an entropy-based algorithm with adaptive threshold estimation. The first proposal involves the pre-detection of DoS attacks at early stages in the SDN layers to prevent network congestion. Continuous monitoring of SDN switch ports identifies repeated requests from an IP/MAC address beyond a specified threshold, estimated through the CPU utilization factor. For a confirmed attack, the threat packets are queued separately and rate-limited. The second proposal detects low-level attacks by computing entropy with adaptive threshold estimation. The mitigation process either blocks the packets or redirects them to a virtual host. The performance of the proposed algorithms in POX SDN controllers is analyzed using Mininet.