Published in: Journal of Network and Systems Management 3/2018

30-09-2017

Early Detection of DDoS Attacks Against Software Defined Network Controllers

Authors: Seyed Mohammad Mousavi, Marc St-Hilaire


Abstract

Software Defined Networking (SDN) is a network architecture that is managed through a network operating system called the controller. Unlike conventional production networks, SDN uses the controller to make network management more flexible. The main advantage of having a controller is the separation of the forwarding plane from the control plane, which gives central control over the network. Although central control is the major advantage of SDN, the controller is also a single point of failure if a Distributed Denial of Service (DDoS) attack makes it unreachable. In this paper, that single point of failure is addressed by using the controller itself to detect such attacks in their early stages and so protect the SDN architecture. The two main objectives of this paper are to (1) make use of the controller's broad view of the network to detect DDoS attacks and (2) propose a solution that is effective and lightweight in terms of the resources it uses. To accomplish these objectives, the paper examines the effect of DDoS attacks on the SDN controller and the way such attacks can exhaust controller resources. The proposed detection method is based on the variation of the entropy of the destination IP address. Based on our experimental setup, the proposed method can detect a DDoS attack within the first 250 packets of the attack traffic.
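The abstract describes detection by the entropy variation of the destination IP address of new-flow packets reaching the controller: spread-out normal traffic keeps the entropy high, while a flood aimed at one target drives it toward zero. The following is an added illustration and not code from the paper or its authors. It assumes, as labelled in the comments, a 50-packet window, a 1.0-bit entropy threshold and five consecutive low-entropy windows before alerting (so that an alert can fire after 250 packets, the figure the abstract quotes); the packet trace is constructed in the block rather than captured.

```python
"""Entropy-based early DDoS detection over destination IPs of new-flow packets.

Added example, not from the paper. Window size, threshold and the number of
consecutive low windows are assumptions chosen for illustration.
"""
import math
import random
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


class EntropyDetector:
    """Tracks destination-IP entropy over fixed-size windows of packet_in events.

    Assumed parameters (not from the paper): window=50 packets, threshold=1.0 bit,
    consecutive=5 low-entropy windows before raising an alert (5 * 50 = 250 packets).
    """

    def __init__(self, window=50, threshold=1.0, consecutive=5):
        self.window = window
        self.threshold = threshold
        self.consecutive = consecutive
        self.buffer = []        # destination IPs of the current window
        self.low_windows = 0    # consecutive windows below the threshold
        self.entropies = []     # entropy of every completed window, for inspection

    def observe(self, dst_ip):
        """Feed one new-flow destination IP; return True when an attack is flagged."""
        self.buffer.append(dst_ip)
        if len(self.buffer) < self.window:
            return False
        h = shannon_entropy(self.buffer)
        self.entropies.append(h)
        self.buffer = []
        # A single low window may be a burst; require several in a row.
        if h < self.threshold:
            self.low_windows += 1
        else:
            self.low_windows = 0
        return self.low_windows >= self.consecutive


def simulate(normal_packets=500, attack_packets=500, seed=1):
    """Constructed trace: normal traffic spread over ten hosts, then a flood to one.

    Returns the 1-based index of the packet at which the detector first fires,
    or None if it never fires.
    """
    rng = random.Random(seed)
    hosts = [f"10.0.0.{i}" for i in range(1, 11)]   # constructed host set
    victim = "10.0.0.9"                                # constructed target
    det = EntropyDetector()
    for i in range(1, normal_packets + attack_packets + 1):
        dst = rng.choice(hosts) if i <= normal_packets else victim
        if det.observe(dst):
            return i
    return None


if __name__ == "__main__":
    print("attack flagged at packet", simulate())   # 750 with the defaults
```

With the defaults, the ten normal windows score about 3 bits each (uniform traffic over ten hosts), the attack windows score 0 bits, and the fifth attack window, packet 750 overall, raises the alert, i.e. 250 packets into the flood. Shortening the flood to fewer than five windows never triggers it, which is the trade-off the consecutive-window rule buys against bursty but benign traffic.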


Footnotes

1. A new packet in the sense that there is no flow for it in the switch table and it must be sent to the controller to be validated for a new flow.

2. It is important to note that starting with OpenFlow v1.4.0, an eviction mechanism exists.
Metadata

Title: Early Detection of DDoS Attacks Against Software Defined Network Controllers
Authors: Seyed Mohammad Mousavi, Marc St-Hilaire
Publication date: 30-09-2017
Publisher: Springer US
Published in: Journal of Network and Systems Management / Issue 3/2018
Print ISSN: 1064-7570
Electronic ISSN: 1573-7705
DOI: https://doi.org/10.1007/s10922-017-9432-1
