Abstract
To analyze and evaluate the security of the latest network architectures like Software Defined Network (SDN) architectures is a significant step in protecting these against various security threats. The security of SDN assumes greater significance as this dynamic network paradigm, in addition to its great future potential, experiences various design complexities and common Open-flow shortcomings, such as the issues related to a centralized controller. There is no doubt that SDN has been perceived as a standout among the most common ideal models for the networks because of its property of isolation of control and information planes. However, various malicious activities have managed to affect the network performance. Distributed Denial of Service (DDoS) attack has been one of the most crucial issues as far as the dependability on the Internet is concerned. This attack makes the service of any host or hub connected to the network difficult due to a wide variety of its approaches by hampering the normal functioning of the network. The inherent simplicity of SDN makes it easily vulnerable to DDoS attacks. This paper presents the techniques to detect the presence of flooding DDoS attacks in SDN. Three types of techniques have been shown to be implemented for mitigation of these attacks in SDN. Besides, a comparison of the performance of traditional networks and SDN under this type of DDoS attack has been illustrated in terms of throughput and Round-Trip-Time. It has been shown through experimentation that performance of SDN’s degrades drastically as compared to that of traditional networks under DDoS attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ONF, Software-defined networking: the new norm for networks, white paper. Available at https://www.opennetworking.org. Last accessed on 22 Dec 2018
Shenker S, Casado M, Koponen T (2011) The future of networking and the past of protocols. Open Networking Summit
Openflow Switch Specification v1.0–v1.4. Available at https://www.opennetworking.org/sdn-resources/onf-specifications. Last accessed on 22 Dec 2018
Open Networking Foundation, OpenFlow Switch Specification. Available at https://www.opennetworking.org/sdn-resources/onf-specifications/openflow. Last accessed on 22 Dec 2018
Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N, Shenker S (2008) Threat analysis of software defined network, vol 38, no 3, pp 105–110
Sezer S, Scott-Hayward S, Chouhan P, Fraser B, Lake D, Finnegan J, Viljoen N, Miller M, Rao N (2013) Are we ready for SDN? Implementation challenges for software defined networks. Commun Mag IEEE 51(7):36–43
Mirkovic J, Reiher PL (2004) A taxonomy of DDoS Attack and DDoS defense mechanisms. Assoc Comput Mach 34(2):39–53
Kaufman C, Perlman R, Sommerfeld B (2003) DoS Protection for UDP-based protocols. In: Proceedings of the 10th association of computing machinery conference on computer and communication security—CCS’03, pp 2–7
Zargar ST, Joshi J, Tipper D, Member S (2013) A survey of defense mechanisms against distributed denial of service (DDoS). IEEE Commun Survey Tutorials 15(4):2046–2069
Shannon C, Moore D, Claffy KC (2002) Beyond folklore: observations on fragmented traffic. IEEE/ACM Trans Netw (TON) 10(6):709–720
Peng T, Leckie C, Ramamohanarao K (2007) Survey of network based defense mechanisms countering the DoS and DDoS problems. Assoc Comput Mach Comput Survey 39(1)
Czyz J, Kallitsis M, Papadopoulos C, Bailey M (2014) Taming the 800 pound gorilla: the rise and decline of NTP DDoS attacks. In: Proceedings of internet measurement conference, pp 435–448
Strayer WT, Lapsely D, Walsh R, Livadas C (2008) Botnet detection based on network behavior. In: Botnet detection, advances in information security, vol 36. Springer, pp 1–24
Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62:122–136
Wang R, Jia Z, Ju L (2015) An entropy-based distributed DDoS detection mechanism in software defined networking. In: Proceedings of IEEE Trustcom/BigDataSE/ISPA, pp 310–317
Mehdi S, Khalid J, Khayam S (2011) Revisiting traffic anomaly detection using software defined networking. In: Proceedings of 14th international conference on recent advances in intrusion detection, pp 161–180
Braga R, Mota E, Passito A (2010) Lightweight DDoS flooding attack detection using NO/Open Flow. In: Proceedings of the IEEE 35th conference on local computer networks. IEEE, Washington, pp 408–415
Dotcenko S, Vladyko A, Letenko I (2014) A fuzzy logic-based information security management for software defined networks. In: Proceedings of 16th international conference on advanced communication technology (ICACT). IEEE, pp 167–171
Chung CJ, Khatkar P, Xing T, Lee J, Huang D (2013) NICE: network intrusion detection and countermeasure. IEEE Trans Dependable Secure Comput 10(4):198–221
Dillon C, Berkelaar M (2014) OpenFlow (D) DoS mitigation. Technical Report. Available at http://www.delaat.net/rp/2013-2014/p42/report.pdf. Last accessed on 22 Dec 2018
Shin S, Porras P, Yegneswaran V, Fong M, Gu G, Tyson M, Texas A, Station C, Park M (2013) Fresco: modular composable security services for software defined networks. In: Proceedings of network and distributed System security symposium, pp 1–16
Jin R, Wang B (2013) Malware detection for mobile devices using software defined networking. In: Proceedings of GREE proceedings of second GENI research and educational experiment workshop. IEEE, Washington, pp 81–88
Schechter SE, Jung J, Berger AW (2004) Fast detection of scanning worm infections. In: Proceedings of international workshop on recent advances in intrusion detection. Springer, Berlin, Heidelberg
Chin T, Mountrouidou X, Li X, Xiong K (2015) Selective packet inspection to detect DoS flooding using software defined networking (SDN). In: Proceedings of IEEE 35th international conference on distributed computing systems workshops (ICDCSW). IEEE, pp 95–99
Xing T, Huang D, Xu L, Chung CJ, Khatkar P (2013) Snort-Flow: a OpenFlow-based intrusion prevention system in cloud environment. In: Proceedings of 2nd GENI research and educational experiment workshop, GREE 2013, pp 89–92
Piedrahita AFM, Rueda S, Mattos DMF, Duarte OCMB (2015) FlowFence: a denial of service defense system for software defined networking. In: Proceedings of global information infrastructure and networking symposium (GIIS), Guadalajara, pp 1–6
Spitzner L (2002) Honeypots, tracking hackers, 1st edn. Addison Wesley, Boston, MA, USA
Grizzard JB, Sharma V, Nunnery C, Kang BB, Dagon D (2007) Peer-to-peer Botnets: overview and case study. In: Proceedings of USENIX HotBots ’07, pp 04–03
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Samta, R., Sood, M. (2020). Analysis and Mitigation of DDoS Flooding Attacks in Software Defined Networks. In: Khanna, A., Gupta, D., Bhattacharyya, S., Snasel, V., Platos, J., Hassanien, A. (eds) International Conference on Innovative Computing and Communications. Advances in Intelligent Systems and Computing, vol 1059. Springer, Singapore. https://doi.org/10.1007/978-981-15-0324-5_30
Download citation
DOI: https://doi.org/10.1007/978-981-15-0324-5_30
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0323-8
Online ISBN: 978-981-15-0324-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)