Advertisement

Cog-SDN: Mitigation Mechanism for Distributed Denial of Service Attacks in Software Defined Networks

  • P. Mohana PriyaEmail author
  • K. R. Manjula
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1116)

Abstract

Software Defined Network is a novel network paradigm that decouples forwarding devices from the controller. Distributed Denial of Service attack is the most common threat found in which an attacker floods request messages to the victim. These attacks saturate control plane and degrade the service for legitimate traffic flows. In this research work, Cognitive-Software Defined Network is proposed which uses an unsupervised Deep Belief Network algorithm to defend against attacks. Deep Belief Network self-learns the flow payload details and detects flooding attacks when the counter exceeds the threshold value. The proposed mitigation method is deployed in the SDN controller which monitors the incoming traffic flows and blocks the malicious hosts. The experimental results show that Cognitive Software Defined Network outperforms in terms of bandwidth consumption, installation of flow entries with attack detection time when compared with SLICOTS.

Keywords

Software Defined Networks Cognition Distributed Denial of Service Attack Self-learning Deep Belief Network 

References

  1. 1.
    Jammal, M., Singh, T., Shami, A.: Software defined networking: state of art and research challenges. Comput. Netw. 72, 74–98 (2014).  https://doi.org/10.1016/j.comnet.2014.07.004CrossRefGoogle Scholar
  2. 2.
    Nunes, B.A.A., Mendonca, M., Nguyen, X.: A survey of software-defined networking: past, present and future of programmable networks. IEEE Commun. Surv. Tutor. 16(3), 1617–1634 (2014).  https://doi.org/10.1109/SURV.2014.012214.00180CrossRefGoogle Scholar
  3. 3.
    Li, W., Meng, W., Kwok, L.F.: A survey on OpenFlow-based software defined networks: security challenges and counter-measures. J. Netw. Comput. Appl. 68, 126–139 (2016).  https://doi.org/10.1016/j.jnca.2016.04.011CrossRefGoogle Scholar
  4. 4.
    Kim, H., Feamster, N.: Improving network management with software defined networking. IEEE Commun. Mag. 51, 114–119 (2013).  https://doi.org/10.1109/MCOM.2013.6461195CrossRefGoogle Scholar
  5. 5.
    Savas, S.S., Tomatore, M., Habib, M.F.: Disaster-resilient control plane design and mapping in software-defined networks. In: Proceedings of IEEE International Conference on High Performance Switching and Routing, Budapest, Hungary, pp. 1–6 (2016).  https://doi.org/10.1109/HPSR.2015.7483086
  6. 6.
    Karakus, M., Duressi, A.: A survey: control plane scalability issues and approaches in software defined networking. Comput. Netw. 112, 279–293 (2016).  https://doi.org/10.1016/j.comnet.2016.11.017 CrossRefGoogle Scholar
  7. 7.
    Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016).  https://doi.org/10.1109/COMST.2015.2453114CrossRefGoogle Scholar
  8. 8.
    Brooks, M., Yang, B.: Man in the middle attack against OpenDayLight SDN controller. In: Proceedings of ACM Conference on Research in Information Technology, New York, USA, October, pp. 45–49 (2015).  https://doi.org/10.1145/2808062.2808073
  9. 9.
    Chen, P.J., Chen, Y.W.: Implementation of SDN based network intrusion detection and prevention system. In: Proceedings of Carnahan Conference on Security Technology, Taipei, Taiwan, January, pp. 141–146 (2016).  https://doi.org/10.1109/CCST.2015.7389672
  10. 10.
    Niyaz, Q., Sun, W., Javaid, A.Y.: A Deep Learning Based DDoS Detection System in Software-Defined Networking. arXiv preprint arXiv:1611.07400 (2016).  https://doi.org/10.4108/eai.28-12-2017.153515CrossRefGoogle Scholar
  11. 11.
    Wang, H., Xu, L., Gu, G.: Floodguard: a DoS attack prevention extension in software-defined networks. In: Proceedings of IEEE International Conference on Dependable Systems and Networks, Riode Janeiro, Brazil, September, pp. 239–250 (2015).  https://doi.org/10.1109/DSN.2015.27
  12. 12.
    Chin, T., Mountrouidou, X., Li, X.: Selective packet inspection to detect DoS flooding using software defined networking. In: Proceedings of International Conference on Computing Systems Workshops, Columbus, OH, USA, July, pp. 95–99 (2015).  https://doi.org/10.1109/ICDCSW.2015.27
  13. 13.
    Dhawan, M., Poddar, R., Mahajan, K.: SPHINX: detecting security attacks in software-defined networks. In: Network and Distributed System Security (2015).  https://doi.org/10.14722/ndss.2015.23064
  14. 14.
    Shin, S., Yegneswaran, V., Porras, P.: Avant-guard: scalable and vigilant switch flow management in software defined networks. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, November, pp. 413–424 (2013).  https://doi.org/10.1145/2508859.2516684
  15. 15.
    Ambrosin, M., Conti, M., De Gaspari, F.: Lineswitch: efficiently managing switch flow in software defined networking while effectively tackling DoS attacks. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, pp. 639–644 (2015).  https://doi.org/10.1145/2714576.2714612
  16. 16.
    Wei, L., Fung, C.: FlowRanger: a request prioritizing algorithm for controller DoS attacks in software defined networks. In: Proceedings of IEEE International Conference on Communications, London, UK, September, pp. 639–644 (2015).  https://doi.org/10.1109/ICC.2015.7249158
  17. 17.
    Haopei, W., Lei, X., Guofei, G.: OF-GUARD: a DoS attack prevention extension in software defined networks. In: Open Network Summit (2014)Google Scholar
  18. 18.
    Nugraha, M., Paramita, I., Musa, A.: Utilizing OpenFlow and sFlow to detect and mitigate SYN flooding attack, pp. 988–994 (2014).  https://doi.org/10.9717/kmms.2014.17.8.988CrossRefGoogle Scholar
  19. 19.
    Amokrane, A., Langar, R., Boutaba, R.: Flow-based management for energy efficient campus networks. IEEE Trans. Netw. Serv. Manage. 12(4), 565–579 (2015).  https://doi.org/10.1109/TNSM.2015.2501398CrossRefGoogle Scholar
  20. 20.
    Mohana Priya, P., Shalinie, S.M., Pandey, T.: Restricted Boltzmann machine based energy efficient cognitive network. In: Snášel, V., Abraham, A., Krömer, P., Pant, M., Muda, A.K. (eds.) Innovations in Bio-Inspired Computing and Applications. AISC, vol. 424, pp. 463–472. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-28031-8_40CrossRefGoogle Scholar
  21. 21.
    Berman, M., Chase, J.S., Landweber, L.: GENI: a federated testbed for innovative network experiments. Comput. Netw. 61, 5–23 (2014).  https://doi.org/10.1016/j.bjp.2013.12.037CrossRefGoogle Scholar
  22. 22.
    Imran, M., Durad, M.H., Khan, F.A., Derhab, A.: Toward an optimal solution against denial of service attacks in software defined networks. Future Gener. Comput. Syst. 92, 444–453 (2019).  https://doi.org/10.1016/j.future.2018.09.022CrossRefGoogle Scholar
  23. 23.
    Mohana Priya, P., Shalinie, S.M.: Restricted Boltzmann machine based detection system for DDoS attack in software defined networks. In: Fourth International Conference on Signal Processing, Communication and Networking, pp. 1–6 (2017).  https://doi.org/10.1109/ICSCN.2017.8085731
  24. 24.
    Bawany, N.Z., Shamsi, J.A.: SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks. J. Netw. Comput. Appl. (2019).  https://doi.org/10.1016/j.jnca.2019.06.001CrossRefGoogle Scholar
  25. 25.
    Saraswat, S., Agarwal, V., Gupta, H.P., Mishra, R., Gupta, A., Dutta, T.: Challenges and solutions in software defined networking: a survey. J. Netw. Comput. Appl. 141, 23–58 (2019).  https://doi.org/10.1016/j.jnca.2019.04.020CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.School of ComputingSASTRA Deemed UniversityThanjavurIndia

Personalised recommendations