Abstract
A software defined network (SDN) is an OpenFlow-based network that initiates innovative traffic engineering and also simplifies network maintenance. Network security is still as stringent as that of traditional networks. A denial of service (DoS) attack is a major security issue that makes an entire network’s resources unavailable to its intended users. Blocking the flows based on the number of flows per port threshold was the most common method employed in the past. At some occasions legitimate traffic also takes the huge flow will punish by default rules. In order to address this issue, I proposed a reinforcement learning-based DoS detection model that detects and mitigates huge flows without a decline in normal traffic. An agent periodically monitors and measures network performance. It also rewrites the flow rules dynamically in the case of rule violation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Braga R, Mota E, Passito A (2010) Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: Proceedings of the conference on local computer networks, LCN, pp 408–415 (2010). https://doi.org/10.1109/lcn.2010.5735752
Solnushkin KS (2013) Automated design of two-layer fat-tree networks
Cai Z, Cox A, Ng TSE (2011) Maestro: a system for scalable OpenFlow control. Rice University
Nayana Y, Tech JM, Girish L (2015) DDoS mitigation using software defined network. 24:258–264
Son NH (2016) A mechanism for early detecting DDOS attacks based on M/G/R PS queue. Int J Netw Secur Appl 8:17–24
Belyaev M, Gaivoronski S (2014) Towards load balancing in SDN-networks during DDoS-Attacks. In: SDN NFV next generation of computational infrastructure—2014 international science technology conference—modern networking technologies, MoNeTec. https://doi.org/10.1109/monetec.2014.6995578
Chin T, Mountrouidou X, Li X, Xiong K (2015) Selective packet inspection to detect DoS flooding using software defined networking (SDN). In: Proceedings of the 2015 IEEE 35th international conference on distributed computing systems workshops, ICDCSW 2015, pp 95–99. https://doi.org/10.1109/icdcsw.2015.27
Ambrosin M, Conti M, De Gaspari F, Poovendran R (2017) LineSwitch: tackling control plane saturation attacks in software-defined networking. IEEE/ACM Trans Netw 25:1206–1219
Shin S, Yegneswaran V, Porras P, Gu G (2013) AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks. In: ACM SIGSAC conference on computer and communications security (CCS 2013), pp 413–424. https://doi.org/10.1145/2508859.2516684
Suh J et al (2010) Implementation of content-oriented networking architecture (CONA): a focus on DDoS countermeasure. In: 1st European NetFPGA developers workshop, pp 1–5
Chellani N, Tejpal P, Hari P (2016) Enhancing security in OpenFlow, pp 1–10
Dridi L, Zhani MF (2016) SDN-guard: DoS attacks mitigation in SDN networks. In: Proceedings of the 2016 5th IEEE international conference on cloud networking, CloudNet 2016, pp 212–217. https://doi.org/10.1109/cloudnet.2016.9
Li D, Hong X, Witt D (2013) ProtoGENI, a prototype GENI under security vulnerabilities : an experiment-based security study, pp 1–11
Porras P et al (2012) A security enforcement kernel for OpenFlow networks. In: Proceedings of the first Workshop on hot topics in software defined networking—HotSDN ’12, p 121. https://doi.org/10.1145/2342441.2342466
Shin S et al (2014) Rosemary: a robust, secure, and high-performance network operating system. In: Proceedings of the 2014 ACM SIGSAC conference on computer and communications security—CCS ’14, pp 78–89. https://doi.org/10.1145/2660267.2660353
Chandrasekaran B, Benson T (2014) Tolerating SDN application failures with LegoSDN. In: Proceedings of the third workshop on hot topics in software defined networking—HotSDN ’14, pp 235–236. https://doi.org/10.1145/2620728.2620781
Matsumoto S, Hitz S, Perrig A (2014) Fleet: defending SDNs from malicious administrators. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking—HotSDN ’14, pp 103–108. https://doi.org/10.1145/2620728.2620750
Systems BC (2009) Brocade sFlow for network traffic monitoring, p 12
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
VishnuPriya, A. (2019). Reinforcement Learning-Based DoS Mitigation in Software Defined Networks. In: Kumar, A., Mozar, S. (eds) ICCCE 2018. ICCCE 2018. Lecture Notes in Electrical Engineering, vol 500. Springer, Singapore. https://doi.org/10.1007/978-981-13-0212-1_41
Download citation
DOI: https://doi.org/10.1007/978-981-13-0212-1_41
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-0211-4
Online ISBN: 978-981-13-0212-1
eBook Packages: EngineeringEngineering (R0)