Abstract
HyperText Transfer Protocol (HTTP) Flood Distributed Denial-of-Service attacks use a set of infected nodes in a botnet to overload a web server. This article proposes a protection system against these attacks based on Software Defined Networking (SDN). Our system provides a simple challenge to detect attackers. When a request arrives for a given application, our system sends an HTTP redirection message to the client. This message instructs the client to use the actual Web application’s IP address. Hence, assuming that botnet nodes do not implement the complete HTTP protocol, they will not follow this redirection. As requests from botnets will not reach the application, only legitimate clients will access the protected server. This approach allows the system to differentiate attackers’ IP addresses from legitimate clients’ IPs. Consequently, the system inserts SDN flow rules to block future requests from attackers. Our proposal reduces the load of an attacked Autonomous System (AS) using the collaboration of other ASes. The idea is that when the application is under attack, the system redirects the requests to the Collaborating ASes. Hence, legitimate clients follow the redirection and access the web application through the collaborating AS. We evaluate the system using Mininet. The results show that the attacked AS’s SDN Controller can reduce its CPU consumption by 65.32% when six collaborating ASes are used. Also, when under attack, the system reduces the latency perceived by the clients from 6 s to approximately 0.4 s.
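The redirect challenge described in the abstract, as an added sketch that is not the authors' implementation (theirs is in the repository linked under Data Availability). It replays a constructed request log and separates sources that follow the redirect from sources that never do. The addresses, the grace window, the unanswered-redirect threshold and the rule dictionary layout are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

FRONT_IP = "203.0.113.10"  # assumed: address clients contact first
APP_IP = "203.0.113.20"    # assumed: actual web application address
GRACE_SECONDS = 5.0        # assumed: time allowed to follow the redirect
MAX_UNANSWERED = 3         # assumed: ignored redirects before blocking

@dataclass
class RedirectChallenge:
    pending: dict = field(default_factory=dict)  # src -> (first_ts, count)
    verified: set = field(default_factory=set)   # sources that followed it
    blocked: dict = field(default_factory=dict)  # src -> drop rule

    def on_request(self, ts, src, dst):
        """Return the action taken for one HTTP request."""
        if src in self.blocked:
            return "drop"  # already matched by an installed rule
        if dst == APP_IP:
            if src in self.pending:  # the client followed the redirect
                del self.pending[src]
                self.verified.add(src)
            return "forward"
        if src in self.verified:
            return "redirect"  # known-good client, point it at the app again
        first_ts, count = self.pending.get(src, (ts, 0))
        count += 1
        if count >= MAX_UNANSWERED and ts - first_ts > GRACE_SECONDS:
            self.pending.pop(src, None)
            # OpenFlow-style match with an empty action list, i.e. drop.
            self.blocked[src] = {"priority": 100, "actions": [],
                                 "match": {"eth_type": 0x0800, "ipv4_src": src}}
            return "block"
        self.pending[src] = (first_ts, count)
        return "redirect"

# Constructed request log: (timestamp, source IP, destination IP).
LOG = [
    (0.0, "198.51.100.7", FRONT_IP),  # client that implements redirects
    (0.0, "192.0.2.66", FRONT_IP),    # source that never follows them
    (0.2, "198.51.100.7", APP_IP),
    (1.0, "192.0.2.66", FRONT_IP),
    (2.0, "192.0.2.66", FRONT_IP),
    (6.0, "192.0.2.66", FRONT_IP),
    (7.0, "192.0.2.66", FRONT_IP),
    (8.0, "198.51.100.7", FRONT_IP),
]

def replay(log):
    """Feed a log through a fresh tracker; return it with per-request actions."""
    tracker = RedirectChallenge()
    return tracker, [tracker.on_request(*entry) for entry in log]
```

The grace window keeps a slow but legitimate client from being blocked on a burst of retries: a source is only blocked once it has ignored the redirect repeatedly and for longer than the window.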
Data Availability
Our system implementation code is available at https://github.com/dstelman/sistema.git.
Notes
Part of this work is based on our paper published in Portuguese in the Proceedings of the XXV Workshop de Gerência e Operação de Redes e Serviços (WGRS) available at https://sol.sbc.org.br/index.php/wgrs/article/view/12449/12314. This utilization is permitted by the Brazilian publisher, as seen in https://sol.sbc.org.br/index.php/indice/conduta.
The code is available at https://github.com/dstelman/sistema.git
Funding
This study was financed in part by the Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - Brasil (CAPES) - Finance Code 001. It was also supported by CNPq, FAPERJ, and FAPESP Grant 15/24494-8.
Author information
Contributions
All authors have contributed to the study conception and design. Material preparation, data collection, and analysis have been performed by DSMG. The first draft of the manuscript has been written by RSC and MGR and all authors have commented on previous versions of the manuscript. All authors have read and approved the final manuscript.
Ethics declarations
Competing Interests
The authors have no relevant financial or non-financial interests to disclose.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Gonçalves, D.S.M., Couto, R.S. & Rubinstein, M.G. A Protection System Against HTTP Flood Attacks Using Software Defined Networking. J Netw Syst Manage 31, 16 (2023). https://doi.org/10.1007/s10922-022-09704-1
DOI: https://doi.org/10.1007/s10922-022-09704-1