LSAV: Lightweight source address validation in SDN to counteract IP spoofing-based DDoS attacks

IF 1.2 | Zone 4: Computer Science | Q4: COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Ali Karakoç, Fati̇h Alagöz
Journal Article, Turkish Journal of Electrical Engineering and Computer Sciences. Publication date: 2023-11-30. DOI: https://doi.org/10.55730/1300-0632.4042
Citations: 0

Abstract
In this paper, we propose a design to detect and prevent IP spoofing-based distributed denial of service (DDoS) attacks on software-defined networks (SDNs). DDoS attacks are still one of the significant problems for internet service providers (ISPs) and individual users. These attacks can disrupt customer services by targeting the availability of the system, and in some cases, they can completely shut down the target infrastructure. Protecting the system against DDoS attacks is therefore crucial for ensuring the reliability and availability of internet services. To address this problem, we propose a lightweight source address validation (LSAV) framework that leverages the flexibility of SDN architecture in ISP networks and employs a lightweight filtering mechanism that considers the cost of operation to maintain high performance. Our setup for the proposed mechanism reflects client–server communication through an ISP SDN, and we use the entry points to eliminate malicious user requests targeting the systems. We then propose a novel algorithm on top of this setup to introduce a new and more efficient approach to existing mitigation methodologies. In addition to filtering the traffic against IP spoofing-based DDoS attacks, LSAV also prioritizes low resource consumption and high performance in terms of delay and bandwidth. With this approach, we believe that ISPs can effectively defend against IP spoofing-based DDoS attacks while still preserving low resource consumption for the infrastructure and high-quality internet services for their customers.
Source journal: Turkish Journal of Electrical Engineering and Computer Sciences (COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE; ENGINEERING, ELECTRICAL & ELECTRONIC)
CiteScore: 2.90
Self-citation rate: 9.10%
Articles published: 95
Review time: 6.9 months
About the journal: The Turkish Journal of Electrical Engineering & Computer Sciences is published electronically 6 times a year by the Scientific and Technological Research Council of Turkey (TÜBİTAK). It accepts English-language manuscripts in the areas of power and energy, environmental sustainability and energy efficiency, electronics, industry applications, control systems, information and systems, applied electromagnetics, communications, signal and image processing, tomographic image reconstruction, face recognition, biometrics, speech processing, video processing and analysis, object recognition, classification, feature extraction, parallel and distributed computing, cognitive systems, interaction, robotics, digital libraries and content, personalized healthcare, ICT for mobility, sensors, and artificial intelligence. Contribution is open to researchers of all nationalities.