A Protection System Against HTTP Flood Attacks Using Software Defined Networking

Journal of Network and Systems Management

Abstract

HyperText Transfer Protocol (HTTP) Flood Distributed Denial-of-Service attacks use a set of infected nodes in a botnet to overload a web server. This article proposes a protection system against these attacks based on Software Defined Networking (SDN). Our system provides a simple challenge to detect attackers. When a request arrives for a given application, our system sends an HTTP redirection message to the client. This message instructs the client to use the actual Web application’s IP address. Hence, assuming that botnet nodes do not implement the complete HTTP protocol, they will not follow this redirection. As requests from botnets will not reach the application, only legitimate clients will access the protected server. This approach allows the system to differentiate attackers’ IP addresses from legitimate clients’ IPs. Consequently, the system inserts SDN flow rules to block future requests from attackers. Our proposal reduces the load of an attacked Autonomous System (AS) using the collaboration of other ASes. The idea is that when the application is under attack, the system redirects the requests to the Collaborating ASes. Hence, legitimate clients follow the redirection and access the web application through the collaborating AS. We evaluate the system using Mininet. The results show that the attacked AS’s SDN Controller can reduce its CPU consumption by 65.32% when six collaborating ASes are used. Also, when under attack, the system reduces the latency perceived by the clients from 6 s to approximately 0.4 s.
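
A minimal sketch of the redirect challenge described in the abstract, added here as an illustration and not taken from the authors' repository. It tracks which source IPs follow the redirection to the application address and emits a drop rule for those that repeatedly do not. The addresses, the 5-second follow window, the three-strike threshold and the ovs-ofctl-style rule string are assumptions.

```python
from collections import defaultdict

CHALLENGE_IP = "198.51.100.10"  # constructed: address the client first contacts
APP_IP = "198.51.100.20"        # constructed: actual web application address
FOLLOW_WINDOW = 5.0             # assumed: seconds a client has to follow the redirect
MAX_UNFOLLOWED = 3              # assumed: ignored redirects tolerated before blocking


class RedirectChallenge:
    def __init__(self):
        self.pending = defaultdict(list)  # src IP -> timestamps of unanswered redirects
        self.strikes = defaultdict(int)   # src IP -> redirects that expired unfollowed
        self.blocked = {}                 # src IP -> drop rule installed for it

    def handle(self, ts, src, dst):
        """Classify one HTTP request: 'drop', 'forward', 'redirect' or 'block'."""
        if src in self.blocked:
            return "drop"                 # already matched by a flow rule
        if dst == APP_IP:
            # The client followed the redirection: clear its record.
            self.pending.pop(src, None)
            self.strikes.pop(src, None)
            return "forward"
        # Request to the challenge address: count redirects that were never followed.
        expired = [t for t in self.pending[src] if ts - t > FOLLOW_WINDOW]
        self.strikes[src] += len(expired)
        self.pending[src] = [t for t in self.pending[src] if ts - t <= FOLLOW_WINDOW]
        if self.strikes[src] >= MAX_UNFOLLOWED:
            # ovs-ofctl style match/action string for a drop rule on this source.
            self.blocked[src] = f"priority=100,ip,nw_src={src},actions=drop"
            return "block"
        self.pending[src].append(ts)
        return "redirect"                 # i.e. HTTP redirection pointing at APP_IP


def replay(events):
    """Run (timestamp, src, dst) tuples through a fresh tracker."""
    tracker = RedirectChallenge()
    actions = [tracker.handle(*e) for e in events]
    return actions, tracker.blocked


# Constructed trace: 203.0.113.7 never follows the redirect, 192.0.2.50 does.
SAMPLE = [
    (0.0, "203.0.113.7", CHALLENGE_IP), (0.1, "192.0.2.50", CHALLENGE_IP),
    (0.3, "192.0.2.50", APP_IP), (6.0, "203.0.113.7", CHALLENGE_IP),
    (12.0, "203.0.113.7", CHALLENGE_IP), (18.0, "203.0.113.7", CHALLENGE_IP),
    (19.0, "203.0.113.7", CHALLENGE_IP),
]
```

Because the decision in this sketch is keyed on source IP, clients sharing a NAT address with a non-compliant sender are dropped along with it.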

Data Availability

Our system implementation code is available at https://github.com/dstelman/sistema.git.

Notes

  1. Part of this work is based on our paper published in Portuguese in the Proceedings of the XXV Workshop de Gerência e Operação de Redes e Serviços (WGRS) available at https://sol.sbc.org.br/index.php/wgrs/article/view/12449/12314. This utilization is permitted by the Brazilian publisher, as seen in https://sol.sbc.org.br/index.php/indice/conduta.

  2. The code is available at https://github.com/dstelman/sistema.git

Funding

This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001. It was also supported by CNPq, FAPERJ, and FAPESP Grant 15/24494-8.

Author information

Contributions

All authors have contributed to the study conception and design. Material preparation, data collection, and analysis have been performed by DSMG. The first draft of the manuscript has been written by RSC and MGR and all authors have commented on previous versions of the manuscript. All authors have read and approved the final manuscript.

Corresponding author

Correspondence to Rodrigo S. Couto.

Ethics declarations

Competing Interests

The authors have no relevant financial or non-financial interests to disclose.

About this article

Cite this article

Gonçalves, D.S.M., Couto, R.S. & Rubinstein, M.G. A Protection System Against HTTP Flood Attacks Using Software Defined Networking. J Netw Syst Manage 31, 16 (2023). https://doi.org/10.1007/s10922-022-09704-1

  • DOI: https://doi.org/10.1007/s10922-022-09704-1
