Abstract
The LDoS (Low rate Denial of Service) attack that aims at exhausting the limited SDN switch buffer resource is hard to detect and degrade network performance seriously. To solve such a problem, this paper proposes an SDN LDoS detection and defense mechanism ADAR (Attack-flow Detection and Attack-port Recognition), which can detect the attack flows based on the collected statistical data, and identify and suppress these attack flows. The experimental results show that ADAR can effectively detect the SDN switch buffer overflow LDoS attacks, and mitigate their impact by using the attack port suppression method. Meanwhile, it can also effectively alleviate the problem of switch buffer overflow caused by the normal traffic burst in the network.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Richmond, R.: Firms join forces against hackers. Wall Street J. 28March (2005)
Wu, Z., Pan, Q., Yue, M., et al.: Sequence alignment detection of TCP-targeted synchronous low-rate DoS attacks. Comput. Netw. 152, 64–77 (2019)
Luo, J., Yang, X., Wang, J., et al.: On a mathematical model for low-rate shrew DDoS[J]. IEEE Trans. Inf. Forensics Secur. 9(7), 1069–1083 (2014)
Rabie, R., Drissi, M.: Applying sigmoid filter for detecting the low-rate denial of service attacks. In: 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), pp. 450–456. IEEE (2018)
Cotae, P., Rabie, R.: On a game theoretic approach to detect the low-rate denial of service attacks. In: 2018 International Conference on Communications (COMM), pp. 19–26. IEEE (2018)
McKeown, N.: INFOCOM keynote talk. Softw.-Defined Netw. 17(2), 30–32 (2009)
Jain, S., Kumar, A., Mandal, S., et al.: B4: Experience with a globally-deployed software defined WAN. ACM SIGCOMM Comput. Commun. Rev. ACM 43(4), 3–14 (2013)
Hong, K., Kim, Y., Choi, H., et al.: SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22(4), 688–691 (2017)
Lukaseder, T., Maile, L., Erb, B., Kargl, F.: SDN-assisted network-based mitigation of slow DDoS attacks. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds.) SecureComm 2018. LNICST, vol. 255, pp. 102–121. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-01704-0_6
Cao, J., Li, Q., Xie, R., et al.: The crosspath attack: disrupting the {SDN} control channel via shared links. In: Usenix security symposium, pp. 19–36 (2019)
Cao, J., Xu, M., Li, Q., Sun, N., Yang, Y., Zheng, J.: Disrupting SDN via the data plane: a low-rate flow table overflow attack. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds.) SecureComm 2017. LNICST, vol. 238, pp. 356–376. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78813-5_18
Kang, M.S., Gligor, V.D., Sekar, V.: SPIFFY: inducing cost-detectability tradeoffs for persistent link-flooding attacks. In: NDSS (2016)
Kang, M.S., Lee, S.B., Gligor, V.D.: The crossfire attack. In: 2013 IEEE Symposium on Security and Privacy. IEEE, pp. 127–141 (2013)
Marin, E., Bucciol, N., Conti, M., et al.: An in-depth look into SDN topology discovery mechanisms: novel attacks and practical countermeasures. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1101–1114 (2019)
Magoni, D.: Nem: a software for network topology analysis and modeling. In: Proceedings. 10th IEEE International Symposium on Modeling, Analysis and Simulation of Computer and Telecommunications Systems, pp. 364–371 (2002)
Nguyen, T.H., Yoo, M.: Analysis of link discovery service attacks in SDN controller. In: 2017 International Conference on Information Networking (ICOIN). IEEE, pp. 259–261 (2017)
Acknowledgments
This research was supported by a research grant from the National Basic Research Program of China (973 Program) under Grant No. 2012CB315806, the China Postdoctoral Science Foundation under Grant No. 2017M610286, and the National Natural Science Foundation of China under Grant No. 61103225, 61379149, 61772271.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Xie, S., Xing, C., Zhang, G., Wei, X., Hu, G. (2020). Research on LDoS Attack Detection and Defense Mechanism in Software Defined Networks. In: Xiang, Y., Liu, Z., Li, J. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2020. Communications in Computer and Information Science, vol 1298. Springer, Singapore. https://doi.org/10.1007/978-981-15-9031-3_8
Download citation
DOI: https://doi.org/10.1007/978-981-15-9031-3_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-9030-6
Online ISBN: 978-981-15-9031-3
eBook Packages: Computer ScienceComputer Science (R0)