Top

Journal of Network and Systems Management

Published in:

01-04-2021

An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment

Authors: Neha Agrawal, Shashikala Tapaswi

Published in: Journal of Network and Systems Management | Issue 2/2021

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The integration of cloud computing with Software Defined Networking (SDN) addresses several challenges of a typical cloud infrastructure such as complex inter-networking, data collection, fast response, etc. Though SDN-based cloud opens new opportunities, the SDN controller may itself become vulnerable to several attacks. The unique features of SDN are used by the attackers to implement the severe Distributed Denial of Service (DDoS) attacks. Several approaches are available in literature to defend against the traditional DDoS flooding attacks in SDN-cloud. To elude the detection systems, attackers try to employ the cultivated attack strategies. Such sophisticated DDoS attack strategies are implemented by generating low-rate attack traffic. The most common type of Low-Rate DDoS (LR-DDoS) attack is the Shrew attack. The existing approaches are not capable to detect, mitigate, and traceback such attacks. Thus, this work discusses a new mechanism which not only detects and mitigates the shrew attack but traces back the location of the attack sources as well. The attack is detected using the information entropy variations, and the attack sources are traced-back using the deterministic packet marking scheme. The experiments are performed in a real SDN-cloud scenario, and the experimental results show that the approach requires 1 packet and 8.27 packets on an average to locate the bots and attackers respectively. The approach detects and traces back the attack sources in between 14.45 ms to 10.02 s and provides 97.6% accuracy.

previous article Reliability and Survivability Analysis of Long-Term Evolution Vehicular Ad-Hoc Networks: An Analytical Approach

next article Peripheral Diagnosis for Propagated Network Faults

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Agrawal, N., Tapaswi, S.: A proactive defense method for the stealthy EDoS attacks in a cloud environment. Int. J. Netw. Manag. 30, e2094 (2020). https://doi.org/10.1002/nem.2094CrossRef

Jabbarifar, M., Shameli-Sendi, A., Kemme, B.: A scalable network-aware framework for cloud monitoring orchestration. J. Netw. Comput. Appl. 133, 1–14 (2019). https://doi.org/10.1016/j.jnca.2019.02.006CrossRef

Yan, Q., Yu, F.R., Gong, Q., Li, J.: Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun. Surv. Tutor. 18(1), 602–622 (2016). https://doi.org/10.1109/COMST.2015.2487361CrossRef

Mousavi, S.M., St-Hilaire, M.: Early detection of DDoS attacks against software defined network controllers. J. Netw. Syst. Manag. 26(3), 573–591 (2018). https://doi.org/10.1007/s10922-017-9432-1CrossRef

Jarraya, Y., Madi, T., Debbabi, M.: A survey and a layered taxonomy of software-defined networking. IEEE Commun. Surv. Tutor. 16(4), 1955–1980 (2014). https://doi.org/10.1109/COMST.2014.2320094CrossRef

Sahay, R., Meng, W., Jensen, C.D.: The application of software defined networking on securing computer networks: a survey. J. Netw. Comput. Appl. 131, 89–108 (2019). https://doi.org/10.1016/j.jnca.2019.01.019CrossRef

Yeganeh, S.H., Tootoonchian, A., Ganjali, Y.: On scalability of software-defined networking. IEEE Commun. Mag. 51(2), 136–141 (2013). https://doi.org/10.1109/MCOM.2013.6461198CrossRef

Banikazemi, M., Olshefski, D., Shaikh, A., Tracey, J., Wang, G.: Meridian: an SDN platform for cloud network services. IEEE Commun. Mag. 51(2), 120–127 (2013). https://doi.org/10.1109/MCOM.2013.6461196CrossRef

Mayoral, A., Vilalta, R., Munoz, R., Casellas, R., Martínez, R.: SDN orchestration architectures and their integration with cloud computing applications. Opt. Switch. Netw. 26, 2–13 (2017). https://doi.org/10.1016/j.osn.2015.09.007CrossRef

10.

Conti, M., Lal, C., Mohammadi, R., Rawat, U.: Lightweight solutions to counter DDoS attacks in software defined networking. Wirel. Netw. 25(5), 2751–2768 (2019). https://doi.org/10.1007/s11276-019-01991-yCrossRef

11.

Agrawal, N., Tapaswi, S.: Detection of low-rate cloud DDoS attacks in frequency domain using fast hartley transform. Wirel. Pers. Commun. 112, 1762 (2010). https://doi.org/10.1007/s11277-020-07125-4CrossRef

12.

Agrawal, N., Tapaswi, S.: Defense mechanisms against DDoS attacks in a cloud computing environment: state-of-the-art and research challenges. IEEE Commun. Surv. Tutor. 21(4), 1–27 (2019). https://doi.org/10.1109/COMST.2019.2934468CrossRef

13.

Dong, S., Abbas, K., Jain, R.: A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments. IEEE Access. 7, 80813–80828 (2019). https://doi.org/10.1109/ACCESS.2019.2922196CrossRef

14.

Cambiaso, E., Papaleo, G., Aiello, M.: Slowcomm: design, development and performance evaluation of a new slow DoS attack. J. Inf. Secur. Appl. 35, 23–31 (2017). https://doi.org/10.1016/j.jisa.2017.05.005CrossRef

15.

Agrawal, N., Tapaswi, S.: Low rate cloud ddos attack defense method based on power spectral density analysis. Inf. Process. Lett. 138, 44–50 (2018). https://doi.org/10.1016/j.ipl.2018.06.001MathSciNetCrossRefMATH

16.

Hong, K., Kim, Y., Choi, H., Park, J.: SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22(4), 688–691 (2017). https://doi.org/10.1109/LCOMM.2017.2766636CrossRef

17.

Perez-Diaz, J.A., Valdovinos, I.A., Choo, K.K.R., Zhu, D.: A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access 8, 155859–155872 (2020). https://doi.org/10.1109/ACCESS.2020.3019330CrossRef

18.

Luo, J., Yang, X., Wang, J., Xu, J., Sun, J., Long, K.: On a mathematical model for Low-Rate Shrew DDoS. IEEE Trans. Inf. Forensics Secur. 9(7), 1069–1083 (2014). https://doi.org/10.1109/TIFS.2014.2321034CrossRef

19.

Xie, R., Xu, M., Cao, J., Li, Q.: SoftGuard: defend against the low-rate TCP attack in SDN. In: Proceedings of the IEEE International Conference on Communications (ICC), pp. 1–6, Shanghai, China, (2019). https://doi.org/10.1109/ICC.2019.8761806

20.

Somani, G., Gaur, M.S., Sanghi, D., Conti, M., Rajarajan, M., Buyya, R.: Combating DDoS attacks in the cloud: requirements, trends, and future directions. IEEE Cloud Comput. 4(1), 22–32 (2017). https://doi.org/10.1109/MCC.2017.14CrossRef

21.

Agrawal, N., Tapaswi, S.: A lightweight approach to detect the low/high rate IP spoofed cloud DDoS attacks. In: Proceedings of the of IEEE \(7^{th}\) International Symposium on Cloud and Service Computing (SC2), pp. 118–123 (2017). https://doi.org/10.1109/SC2.2017.25

22.

Dong, P., Du, X., Zhang, H., Xu, T.: A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows. In: Proceedings of the IEEE International Conference on Communications (ICC), pp. 1-6, Kuala Lumpur, Malaysia (2016). https://doi.org/10.1109/ICC.2016.7510992

23.

Agrawal, N., Tapaswi, S.: Defense schemes for variants of distributed-denial-of-service (DDoS) attacks in cloud computing: a survey. Inf. Secur. J. 26(2), 61–73 (2017). https://doi.org/10.1080/19393555.2017.1282995CrossRef

24.

Singh, M.P., Bhandari, A.: New-flow based DDoS attacks in SDN: taxonomy, rationales, and research challenges. Comput. Commun. 154, 509–527 (2020). https://doi.org/10.1016/j.comcom.2020.02.085CrossRef

25.

Yan, Q., Yu, F.R.: Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Commun. Mag. 53(4), 52–59 (2015). https://doi.org/10.1109/MCOM.2015.7081075CrossRef

26.

Fouladi, R.F., Ermiş, O., Anarim, E.: A DDoS attack detection and defense scheme using time-series analysis for SDN. J. Inf. Secur. Appl. 54, 102587 (2020). https://doi.org/10.1016/j.jisa.2020.102587CrossRef

27.

Xing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P.: Snortflow: a openflow-based intrusion prevention system in cloud environment. In: Proceedings of the of IEEE \(2^{nd}\) GENI Research and Educational Experiment Workshop (GREE), pp. 89–92. (2013). https://doi.org/10.1109/GREE.2013.25

28.

Chen, Z., Jiang, F., Cheng, Y., Gu, X., Liu, W., Peng, J.: XGBoost classifier for DDoS attack detection and analysis in SDN-based cloud. In: Proceedings of the IEEE International Conference on Big Data and Smart Computing (BigComp), pp. 251–256. (2018). https://doi.org/10.1109/BigComp.2018.00044

29.

Zhu, L., Tang, X., Shen, M., Du, X., Guizani, M.: Privacy-preserving DDoS attack detection using cross-domain traffic in software defined networks. IEEE J. Sel. Areas Commun. 36(3), 628–643 (2018). https://doi.org/10.1109/JSAC.2018.2815442CrossRef

30.

Zheng, J., Li, Q., Gu, G., Cao, J., Yau, D.K., Wu, J.: Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans. Inf. Forensics Secur. 13(7), 1838–1853 (2018). https://doi.org/10.1109/TIFS.2018.2805600CrossRef

31.

Wang, R., Jia, Z., Ju, L.: An entropy-based distributed DDoS detection mechanism in software-defined networking. In: Proceedings of the IEEE Trustcom/BigDataSE/ISPA, pp. 310–317. (2015). https://doi.org/10.1109/Trustcom.2015.389

32.

Sahay, R., Blanc, G., Zhang, Z., Debar, H.: ArOMA: an SDN based autonomic DDoS mitigation framework. Comput. Secur. 70, 482–499 (2017). https://doi.org/10.1016/j.cose.2017.07.008CrossRef

33.

Chesla, A., Doron, E.: Techniques for traffic diversion in software defined networks for mitigating denial of service attacks. United States patent application US 14/728,405 (2016)

34.

Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software-defined networking. Comput. Netw. 81, 308–319 (2015). https://doi.org/10.1016/j.comnet.2015.02.026CrossRef

35.

Buragohain, C., Medhi, N.: FlowTrApp: an SDN based architecture for DDoS attack detection and mitigation in data centers. In: Proceedings of the IEEE \(3^{rd}\) International Conference on Signal Processing and Integrated Networks (SPIN), pp. 519–524. (2016). https://doi.org/10.1109/SPIN.2016.7566750

36.

Singh, K., Singh, P., Kumar, K.: A systematic review of IP traceback schemes for denial of service attacks. Comput. Secur. 56, 111–139 (2016). https://doi.org/10.1016/j.cose.2015.06.007CrossRef

37.

Zhang, H., Reich, J., Rexford, J.: Packet Traceback for Software-Defined Networks, pp. 1–7. Princeton University Press, Princeton (2015)

38.

Belenky, A., Ansari, N.: IP traceback with deterministic packet marking. IEEE Commun. Lett. 7(4), 162–164 (2003). https://doi.org/10.1109/LCOMM.2003.811200CrossRef

39.

Francois, J., Festor, O.: Anomaly traceback using software defined networking. In: Proceedings of the IEEE International Workshop on Information Forensics and Security (WIFS), pp. 203–208. (2014). https://doi.org/10.1109/WIFS.2014.7084328

40.

Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Network support for IP traceback. IEEE/ACM Trans. Netw. 9(3), 226–237 (2001). https://doi.org/10.1109/90.929847CrossRef

41.

Belenky, A., Ansari, N.: On deterministic packet marking. Comput. Netw. 51(10), 2677–2700 (2007). https://doi.org/10.1016/j.comnet.2006.11.020CrossRefMATH

42.

Rajam, V.S., Shalinie, S.M.: A novel traceback algorithm for DDoS attack with marking scheme for online system. In: Proceedings of the IEEE International Conference on Recent Trends In Information Technology (ICRTIT), pp. 407–412. (2012). https://doi.org/10.1109/ICRTIT.2012.6206751

43.

Jin, G., Yang, J.: Deterministic packet marking based on redundant decomposition for IP traceback. IEEE Commun. Lett. 10(3), 204–206 (2006). https://doi.org/10.1109/LCOMM.2006.1603385CrossRef

44.

Yu, S., Zhou, W., Guo, S., Guo, M.: A feasible IP traceback framework through dynamic deterministic packet marking. IEEE Trans. Comput. 65(5), 1418–1427 (2016). https://doi.org/10.1109/TC.2015.2439287MathSciNetCrossRefMATH

45.

Xiang, Y., Zhou, W., Guo, M.: Flexible deterministic packet marking: an IP traceback system to find the real source of attacks. IEEE Trans. Parallel Distrib. Syst. 20(4), 567–580 (2009). https://doi.org/10.1109/TPDS.2008.132CrossRef

46.

Patel, H., Jinwala, D.C.: LPM: a lightweight authenticated packet marking approach for IP traceback. Comput. Netw. 140, 41–50 (2018). https://doi.org/10.1016/j.comnet.2018.04.014CrossRef

47.

Goodrich, M.T.: Probabilistic packet marking for large-scale IP traceback. IEEE/ACM Trans. Netw. 16(1), 15–24 (2008). https://doi.org/10.1109/TNET.2007.910594CrossRef

48.

Nur, A.Y., Tozal, M.E.: Record route IP traceback: combating DoS attacks and the variants. Comput. Secur. 72, 13–25 (2018). https://doi.org/10.1016/j.cose.2017.08.012CrossRef

49.

Hoque, N., Bhattacharyya, D.K., Kalita, J.K.: Botnet in DDoS attacks: trends and challenges. IEEE Commun. Surv. Tutor. 17(4), 2242–2270 (2015). https://doi.org/10.1109/COMST.2015.2457491CrossRef

50.

Xiang, Y., Li, K., Zhou, W.: Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans. Inf. Forensics Secur. 6(2), 426–437 (2011). https://doi.org/10.1109/TIFS.2011.2107320CrossRef

51.

Sahoo, K.S., Puthal, D., Tiwary, M., Rodrigues, J.J., Sahoo, B., Dash, R.: An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics. Future Gener. Comput. Syst. 89, 685–697 (2018)CrossRef

52.

Chen, Y., Hwang, K., Kwok, Y.K.: Collaborative defense against periodic shrew DDoS attacks in frequency domain. ACM Trans Inf. Syst. Secur. (TISSEC) 66(9), 1–30 (2005). https://doi.org/10.1016/j.jpdc.2006.04.007CrossRef

53.

Amazon Web Services. https://aws.amazon.com/documentation/

54.

Mininet. http://mininet.org/

55.

FlowVisor OpenFlow Controller. https://github.com/OPENNETWORKINGLAB/flowvisor/wiki

56.

OpenDayLight SDN Controller. https://docs.opendaylight.org/en/stable-oxygen/getting-started-guide/introduction.html

57.

Low Orbit Ion Canon. https://github.com/NewEraCracker/LOIC

Title: An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment
Authors: Neha Agrawal
Shashikala Tapaswi
Publication date: 01-04-2021
Publisher: Springer US
Published in: Journal of Network and Systems Management / Issue 2/2021
Print ISSN: 1064-7570
Electronic ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-020-09580-7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 2/2021

Peripheral Diagnosis for Propagated Network Faults

ML-Based DDoS Detection and Identification Using Native Cloud Telemetry Macroscopic Monitoring

Self-organizing Fog Support Services for Responsive Edge Computing

Machine Learning-Based Multipath Routing for Software Defined Networks

Intelligent Secure Networking in In-band Full-duplex Dynamic Access Networks: Spectrum Management and Routing Protocol

Semantic Coordination on the Edge of Heterogeneous Ultra Dense Networks

Premium Partner