survey

Software-defined Networking-based DDoS Defense Mechanisms

Authors:
Rochak Swami

National Institute of Technology, Kurukshetra, Haryana, India

National Institute of Technology, Kurukshetra, Haryana, India

0000-0003-4201-5051
View Profile

,
Mayank Dave

National Institute of Technology, Kurukshetra, Haryana, India

National Institute of Technology, Kurukshetra, Haryana, India
View Profile

,
Virender Ranga

National Institute of Technology, Kurukshetra, Haryana, India

National Institute of Technology, Kurukshetra, Haryana, India
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 52 Issue 2Article No.: 28pp 1–36https://doi.org/10.1145/3301614

Published:09 April 2019Publication History

ACM Computing Surveys

Abstract

Distributed Denial of Service attack (DDoS) is recognized to be one of the most catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this article, a detailed study on DDoS threats prevalent in SDN is presented. First, SDN features are examined from the perspective of security, and then a discussion on SDN security features is done. Further, two viewpoints on protecting networks against DDoS attacks are presented. In the first view, SDN utilizes its abilities to secure conventional networks. In the second view, SDN may become a victim of the threat itself because of the centralized control mechanism. The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state-of-the-art techniques, an extensive review of the advancement of SDN security is provided to the research and IT communities.

Supplemental Material

Available for Download

zip

swami.zip (61.4 KB)

Supplemental movie, appendix, image and software files for, Software-defined Networking-based DDoS Defense Mechanisms

References

Nick Feamster, Jennifer Rexford, and Ellen Zegura. 2014. The road to SDN: An intellectual history of programmable networks. ACM SIGCOMM Comput. Commun. Rev. 44, 2 (2014), 87--98. Google ScholarDigital Library
Akram Hakiri, Aniruddha Gokhale, Pascal Berthou, Douglas C. Schmidt, and Thierry Gayraud. 2014. Software-defined networking: Challenges and research opportunities for future internet. Comput. Netw. 75 (2014), 453--471. Google ScholarDigital Library
D. Kreutz, F. M. V. Ramos, P. E. Veríssimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig. 2015. Software-defined networking: A comprehensive survey. Proc. IEEE 103, 1 (Jan. 2015), 14--76.Google ScholarCross Ref
J. Tourrilhes, P. Sharma, S. Banerjee, and J. Pettit. 2014. SDN and OpenFlow evolution: A standards perspective. Computer 47, 11 (Nov. 2014), 22--29. Google ScholarDigital Library
Paul Goransson, Chuck Black, and Timothy Culver. 2016. Software Defined Networks: A Comprehensive Approach. Morgan Kaufmann. Google ScholarDigital Library
Keith Kirkpatrick. 2013. Software-defined networking. Commun. ACM 56, 9 (2013), 16--19. Google ScholarDigital Library
H. Kim and N. Feamster. 2013. Improving network management with software defined networking. IEEE Commun. Mag. 51, 2 (Feb. 2013), 114--119.Google ScholarCross Ref
Per Oscarson. 2003. Information security fundamentals. In Security Education and Critical Infrastructures. Springer, Berlin, 95--107. Google ScholarDigital Library
Muhammad Umar Farooq, Muhammad Waseem, Anjum Khairi, and Sadia Mazhar. 2015. A critical analysis on the security concerns of internet of things (IoT). Int. J. Comput. Appl. 111, 7 (2015).Google Scholar
Christos Douligeris and Aikaterini Mitrokotsa. 2004. DDoS attacks and defense mechanisms: Classification and state-of-the-art. Comput. Netw. 44, 5 (2004), 643--666. Google ScholarDigital Library
Stephen M. Specht and Ruby B. Lee. 2004. Distributed denial of service: Taxonomies of attacks, tools, and countermeasures. In Proceedings of the International Society for Computers and Their Applications and the International Conference on Parallel and Distributed Computing Systems (ISCA PDCS’04). 543--550.Google Scholar
A. D. Wood and J. A. Stankovic. 2002. Denial of service in sensor networks. Computer 35, 10 (Oct. 2002), 54--62. Google ScholarDigital Library
Dan Goodin. 2018. US service provider survives the biggest recorded DDoS in history. Retrieved March 30, 2018 from https://arstechnica.com/information-technology/2018/03/us-service-provider-survives-the-biggest-recorded-ddos-in-history/.Google Scholar
Rob Enns. 2006. NETCONF configuration protocol. Technical Report RFC 4741.Google Scholar
Xianfeng Li and Wencong Xie. 2017. CRAFT: A cache reduction architecture for flow tables in software-defined networks. In Proceedings of the 2017 IEEE Symposium on Computers and Communications (ISCC’17). 967--972.Google Scholar
Naga Katta, Omid Alipourfard, Jennifer Rexford, and David Walker. 2016. CacheFlow: Dependency-aware rule-caching for software-defined networks. In Proceedings of the Symposium on SDN Research (SOSR’16). ACM, New York, NY, Article 6, 12 pages. Google ScholarDigital Library
Giuseppe Bianchi, Marco Bonola, Antonio Capone, and Carmelo Cascone. 2014. OpenState: Programming platform-independent stateful openflow applications inside the switch. SIGCOMM Comput. Commun. Rev. 44, 2 (Apr. 2014), 44--51. Google ScholarDigital Library
CALYPTIX. 2015. DDoS Attacks 101: Types, targets, and motivations. Retrieved April 26, 2015 from https://www.calyptix.com/top-threats/ddos-attacks-101-types-targets-motivations/.Google Scholar
B. B. Gupta, R. C. Joshi, and Manoj Misra. 2009. Defending against distributed denial of service attacks: Issues and challenges. Inf. Secur. J. 18, 5 (2009), 224--247.Google Scholar
N. Muraleedharan and B. Janet. 2017. Behaviour analysis of HTTP based slow denial of service attack. In Proceedings of the 2017 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET’17). IEEE, 1851--1856.Google Scholar
B. B. Gupta and Omkar P. Badve. 2017. Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neur. Comput. Appl. 28, 12 (2017), 3655--3682. Google ScholarDigital Library
L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred. 2003. Statistical approaches to DDoS attack detection and response. In Proceedings DARPA Information Survivability Conference and Exposition, Vol. 1. 303--314.Google Scholar
D. Sattar, A. Matrawy, and O. Adeojo. 2016. Adaptive bubble burst (ABB): Mitigating DDoS attacks in software-defined networks. In Proceedings of the 2016 17th International Telecommunications Network Strategy and Planning Symposium (Networks’16). 50--55.Google Scholar
Ahmad Ariff Aizuddin, Mohd Atan, Megat Norulazmi, Megat Mohamed Noor, Shadil Akimi, and Zainal Abidin. 2017. DNS amplification attack detection and mitigation via sFlow with security-centric SDN. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM’17). ACM, New York, NY, Article 3, 7 pages. Google ScholarDigital Library
Sonia Panchen, Peter Phaal, and Neil McKee. 2001. InMon corporation’s sFlow: A method for monitoring traffic in switched and routed networks. Technical Report RFC 3176.Google Scholar
Jiaqi Yan and Dong Jin. 2015. VT-Mininet: Virtual-time-enabled mininet for scalable and accurate software-define network emulation. In Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research (SOSR’15). ACM, New York, NY, Article 27, 7 pages. Google ScholarDigital Library
Ben Pfaff, Justin Pettit, Teemu Koponen, Ethan J. Jackson, Andy Zhou, Jarno Rajahalme, Jesse Gross, Alex Wang, Joe Stringer, Pravin Shelar, et al. 2015. The design and implementation of open vSwitch. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI’15). 117--130. Google ScholarDigital Library
Christian Rossow. 2014. Amplification hell: Revisiting network protocols for DDoS abuse. In Proceedings of the Network and Distributed System Security Symposium (NDSS’14).Google ScholarCross Ref
David Huistra. 2013. Detecting reflection attacks in DNS flows. In 19th Twente Student Conference on IT. https://pdfs.semanticscholar.org/4ad8/24537f212f70e25e4cbab55498f5a8e43942.pdf.Google Scholar
Q. Yan, Q. Gong, and F. R. Yu. 2017. Effective software-defined networking controller scheduling method to mitigate DDoS attacks. Electron. Lett. 53, 7 (2017), 469--471.Google ScholarCross Ref
Ligia Rodrigues Prete, A. A. Shinoda, C. M. Schweitzer, and R. L. S. de Oliveira. 2014. Simulation in an SDN network scenario using the POX controller. In Proceedings of the 2014 IEEE Colombian Conference on Communications and Computing (COLCOM’14). 1--6.Google ScholarCross Ref
Ming-Hung Chen, Jyun-Yan Ciou, I-Hsin Chung, and Cheng-Fu Chou. 2018. FlexProtect: A SDN-based DDoS attack protection architecture for multi-tenant data centers. In Proceedings of the International Conference on High Performance Computing in Asia-Pacific Region (HPC Asia’18). ACM, New York, NY, 202--209. Google ScholarDigital Library
J. Zheng, Q. Li, G. Gu, J. Cao, D. K. Y. Yau, and J. Wu. 2018. Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans. Inf. Forens. Secur. 13, 7 (Jul. 2018), 1838--1853.Google ScholarCross Ref
C. Buragohain and N. Medhi. 2016. FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers. In Proceedings of the 2016 3rd International Conference on Signal Processing and Integrated Networks (SPIN’16). 519--524.Google Scholar
K. Hong, Y. Kim, H. Choi, and J. Park. 2018. SDN-assisted slow HTTP DDoS attack defense method. IEEE Commun. Lett. 22, 4 (April 2018), 688--691.Google ScholarCross Ref
Mark Shtern, Roni Sandel, Marin Litoiu, Chris Bachalo, and Vasileios Theodorou. 2014. Towards mitigation of low and slow application ddos attacks. In Proceedings of the 2014 IEEE International Conference on Cloud Engineering (IC2E’14). IEEE, 604--609. Google ScholarDigital Library
Thomas Lukaseder, Lisa Maile, Benjamin Erb, and Frank Kargl. 2018. SDN-assisted network-based mitigation of slow DDoS attacks. In Proceedings of the International Conference on Security and Privacy in Communication Systems. Springer, 102--121.Google ScholarCross Ref
Nikhil Tripathi, Neminath Hubballi, and Yogendra Singh. 2016. How secure are web servers? An empirical study of slow HTTP DoS attacks and detection. In Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES’16). IEEE, 454--463.Google ScholarCross Ref
Tetsuya Hirakawa, Kanayo Ogura, Bhed Bahadur Bista, and Toyoo Takata. 2016. A defense method against distributed slow HTTP DoS attack. In Proceedings of the 2016 19th International Conference on Network-Based Information Systems (NBiS’16). IEEE, 152--158.Google ScholarCross Ref
Clifford Kemp, Chad Calvert, and Taghi Khoshgoftaar. 2018. Utilizing netflow data to detect slow read attacks. In Proceedings of the 2018 IEEE International Conference on Information Reuse and Integration (IRI’18). IEEE, 108--116.Google ScholarDigital Library
Truong Thu Huong and Nguyen Huu Thanh. 2017. Software defined networking-based one-packet DDoS mitigation architecture. In Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication (IMCOM’17). ACM, New York, NY, Article 110, 7 pages. Google ScholarDigital Library
Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, Khalifa Toumi, and Hervé Debar. 2017. Adaptive policy-driven attack mitigation in SDN. In Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures (XDOMO’17). ACM, New York, NY, Article 4, 6 pages. Google ScholarDigital Library
Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, and Hervé Debar. 2017. ArOMA: An SDN based autonomic DDoS mitigation framework. Comput. Secur. 70 (2017), 482--499.Google ScholarCross Ref
Sufian Hameed and Hassan Ahmed Khan. 2018. SDN based collaborative scheme for mitigation of DDoS attacks. Fut. Internet 10, 3, Article 23 (2018).Google Scholar
Lei Wang, Qing Li, Yong Jiang, Xuya Jia, and Jianping Wu. 2018. Woodpecker: Detecting and mitigating link-flooding attacks via SDN. Comput. Netw. 147 (2018), 1--13.Google ScholarCross Ref
Hojjat Adeli and Shih-Lin Hung. 1994. Machine Learning: Neural Networks, Genetic Algorithms, and Fuzzy Systems. John Wiley 8 Sons, Inc., New York, NY. Google ScholarDigital Library
Ioannis Tsochantaridis, Thomas Hofmann, Thorsten Joachims, and Yasemin Altun. 2004. Support vector machine learning for interdependent and structured output spaces. In Proceedings of the 21st International Conference on Machine Learning (ICML’04). ACM, New York, NY, 104. Google ScholarDigital Library
Teuvo Kohonen. 1998. The self-organizing map. Neurocomputing 21, 1 (1998), 1--6.Google ScholarCross Ref
J. Ashraf and S. Latif. 2014. Handling intrusion and DDoS attacks in software defined networks using machine learning techniques. In Proceedings of the 2014 National Software Engineering Conference. 55--60.Google Scholar
Quamar, Weiqing Sun, and Ahmad Y. Javaid. 2016. A deep learning based DDoS detection system in software-defined networking (SDN). CoRR abs/1611.07400 (2016). http://arxiv.org/abs/1611.07400Google Scholar
Chuanhuang Li, Yan Wu, Xiaoyong Yuan, Zhengjun Sun, Weiming Wang, Xiaolin Li, and Liang Gong. 2018. Detection and defense of DDoS attack--based on deep learning in OpenFlow-based SDN. Int. J. Commun. Syst. 31, 5 (2018), e3497.Google ScholarCross Ref
M. E. Ahmed, H. Kim, and M. Park. 2017. Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking. In Proceedings of the 2017 IEEE Military Communications Conference (MILCOM’17). 11--16.Google Scholar
D. Hu, P. Hong, and Y. Chen. 2017. FADM: DDoS flooding attack detection and mitigation system in software-defined networking. In Proceedings of the 2017 IEEE Global Communications Conference (GLOBECOM’17). 1--7.Google Scholar
Yunhe Cui, Lianshan Yan, Saifei Li, Huanlai Xing, Wei Pan, Jian Zhu, and Xiaoyang Zheng. 2016. SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks. J. Netw. Comput. Appl. 68 (2016), 65--79. Google ScholarDigital Library
Mohd Zafran Abdul Aziz and Koji Okamura. 2017. Leveraging SDN for detection and mitigation SMTP flood attack through deep learning analysis techniques. Int. J. Comput. Sci. Netw. Secur. 17, 10 (2017), 166.Google Scholar
A. Santos da Silva, J. A. Wickboldt, L. Z. Granville, and A. Schaeffer-Filho. 2016. ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN. In Proceedings of the 2016 IEEE/IFIP Network Operations and Management Symposium (NOMS’16). 27--35.Google Scholar
Jin Ye, Xiangyang Cheng, Jian Zhu, Luting Feng, and Ling Song. 2018. A DDoS attack detection method based on SVM in software defined network. Security and Communication Networks 2018 (2018).Google Scholar
S. Lee, J. Kim, S. Shin, P. Porras, and V. Yegneswaran. 2017. Athena: A framework for scalable anomaly detection in software-defined networks. In Proceedings of the 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’17). 249--260.Google Scholar
M. V. O. De Assis, A. H. Hamamoto, T. Abrão, and M. L. Proença. 2017. A game theoretical based system using holt-winters and genetic algorithm with fuzzy logic for DoS/DDoS mitigation on SDN networks. IEEE Access 5 (2017), 9485--9496.Google ScholarCross Ref
C. C. Chen, Y. R. Chen, W. C. Lu, S. C. Tsai, and M. C. Yang. 2017. Detecting amplification attacks with software defined networking. In Proceedings of the 2017 IEEE Conference on Dependable and Secure Computing. 195--201.Google Scholar
Pankaj Berde, Matteo Gerola, Jonathan Hart, Yuta Higuchi, Masayoshi Kobayashi, Toshio Koide, Bob Lantz, Brian O’Connor, Pavlin Radoslavov, William Snow, et al. 2014. ONOS: Towards an open, distributed SDN OS. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. ACM, 1--6. Google ScholarDigital Library
Qiao Yan and Wenyao Huang. 2017. A DDoS detection and mitigation system framework based on spark and SDN. In Smart Computing and Communication, Meikang Qiu (Ed.). Springer International Publishing, Cham, 350--358.Google Scholar
D. He, S. Chan, X. Ni, and M. Guizani. 2017. Software-defined-networking-enabled traffic anomaly detection and mitigation. IEEE IoT J. 4, 6 (Dec. 2017), 1890--1898.Google Scholar
Adel Alshamrani, Ankur Chowdhary, Sandeep Pisharody, Duo Lu, and Dijiang Huang. 2017. A defense system for defeating DDoS attacks in SDN based networks. In Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access (MobiWac’17). ACM, New York, NY, 83--92. Google ScholarDigital Library
Jing Liu, Yingxu Lai, and Shixuan Zhang. 2017. FL-GUARD: A detection and defense system for DDoS attack in SDN. In Proceedings of the 2017 International Conference on Cryptography, Security and Privacy (ICCSP’17). ACM, New York, NY, 107--111. Google ScholarDigital Library
T. Xu, D. Gao, P. Dong, C. H. Foh, and H. Zhang. 2017. Mitigating the table-overflow attack in software-defined networking. IEEE Trans. Netw. Serv. Manage. 14, 4 (Dec. 2017), 1086--1097. Google ScholarDigital Library
Z. K. Khattak, M. Awais, and A. Iqbal. 2014. Performance evaluation of OpenDaylight SDN controller. In Proceedings of the 2014 20th IEEE International Conference on Parallel and Distributed Systems (ICPADS’14). 671--676.Google Scholar
R. Durner, C. Lorenz, M. Wiedemann, and W. Kellerer. 2017. Detecting and mitigating denial of service attacks against the data plane in software defined networks. In Proceedings of the 2017 IEEE Conference on Network Softwarization (NetSoft’17). 1--6.Google Scholar
S. M. Mousavi and M. St-Hilaire. 2015. Early detection of DDoS attacks against SDN controllers. In Proceedings of the 2015 International Conference on Computing, Networking and Communications (ICNC’15). 77--81.Google Scholar
Kshira Sagar Sahoo, Deepak Puthal, Mayank Tiwary, Joel J. P. C. Rodrigues, Bibhudatta Sahoo, and Ratnakar Dash. 2018. An early detection of low-rate DDoS attack to SDN based data center networks using information distance metrics. Fut. Gener. Comput. Syst. 89 (2018), 685--697.Google ScholarDigital Library
Tao Wang, Hongchang Chen, Guozhen Cheng, and Yulin Lu. 2018. SDNManager: A safeguard architecture for SDN DoS attacks based on bandwidth prediction. Security and Communication Networks 2018 (2018).Google Scholar
R. Macedo, R. de Castro, A. Santos, Y. Ghamri-Doudane, and M. Nogueira. 2016. Self-Organized SDN controller cluster conformations against DDoS attacks effects. In Proceedings of the 2016 IEEE Global Communications Conference (GLOBECOM’16). 1--6.Google Scholar
Peng Zhang, Huanzhao Wang, Chengchen Hu, and Chuang Lin. 2016. On denial of service attacks in software defined networks. IEEE Netw. 30, 6 (2016), 28--33. Google ScholarDigital Library
R. Mohammadi, R. Javidan, and M. Conti. 2017. SLICOTS: An SDN-Based lightweight countermeasure for TCP SYN flooding attacks. IEEE Trans. Netw. Serv. Manage. 14, 2 (Jun. 2017), 487--497.Google ScholarDigital Library
Seungwon Shin, Vinod Yegneswaran, Phillip A. Porras, and Guofei Gu. 2013. AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks. In Proceedings of the ACM Conference on Computer and Communications Security. Google ScholarDigital Library
Biao Han, Xiangrui Yang, Zhigang Sun, Jinfeng Huang, and Jinshu Su. 2018. OverWatch: A cross-plane DDoS attack defense framework with collaborative intelligence in SDN. Security and Communication Networks 2018 (2018).Google Scholar
K. Kalkan, G. Gür, and F. Alagöz. 2017. SDNScore: A statistical defense mechanism against DDoS attacks in SDN environment. In Proceedings of the 2017 IEEE Symposium on Computers and Communications (ISCC’17). 669--675.Google Scholar
J. Boite, P. A. Nardin, F. Rebecchi, M. Bouet, and V. Conan. 2017. Statesec: Stateful monitoring for DDoS protection in software defined networks. In Proceedings of the 2017 IEEE Conference on Network Softwarization (NetSoft’17). 1--9.Google Scholar
Giuseppe Bianchi, Marco Bonola, Antonio Capone, and Carmelo Cascone. 2014. OpenState: Programming platform-independent stateful openflow applications inside the switch. ACM SIGCOMM Comput. Commun. Rev. 44, 2 (2014), 44--51. Google ScholarDigital Library
Lobna Dridi and Mohamed Faten Zhani. 2017. A holistic approach to mitigating DoS attacks in SDN networks. Int. J. Netw. Manage. 28, 1 (2017), e1996.Google ScholarCross Ref
Zhuo Chen, Fu Jiang, Yijun Cheng, Xin Gu, Weirong Liu, and Jun Peng. 2018. XGBoost classifier for DDoS attack detection and analysis in SDN-Based cloud. In Proceedings of the 2018 IEEE International Conference on Big Data and Smart Computing (BigComp’18). IEEE, 251--256.Google ScholarCross Ref
Pengpeng Wu, Lin Yao, Chi Lin, Guowei Wu, and Mohammad S. Obaidat. 2018. FMD: A DoS mitigation scheme based on flow migration in software-defined-networking. Int. J. Commun. Syst. 31, 9 (2018), e3543. arXiv:https://onlinelibrary.wiley.com/doi/pdf/10.1002/dac.3543Google ScholarCross Ref
H. Wang, L. Xu, and G. Gu. 2015. FloodGuard: A DoS attack prevention extension in software-defined networks. In Proceedings of the 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 239--250. Google ScholarDigital Library
F. Rebecchi, J. Boite, P. A. Nardin, M. Bouet, and V. Conan. 2017. Traffic monitoring and DDoS detection using stateful SDN. In Proceedings of the 2017 IEEE Conference on Network Softwarization (NetSoft’17). 1--2.Google Scholar
Bing Wang, Yao Zheng, Wenjing Lou, and Y. Thomas Hou. 2015. DDoS attack protection in the era of cloud computing and software-defined networking. Comput. Netw. 81 (2015), 308--319. Google ScholarDigital Library
Q. Yan, F. R. Yu, Q. Gong, and J. Li. 2016. Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Commun. Surv. Tutor. 18, 1 (Firstquarter 2016), 602--622.Google ScholarDigital Library
Narmeen Zakaria Bawany, Jawwad A. Shamsi, and Khaled Salah. 2017. DDoS attack detection and mitigation using SDN: Methods, practices, and solutions. Arab. J. Sci. Eng. 42, 2 (01 Feb. 2017), 425--441.Google ScholarCross Ref
K. Kalkan, G. Gur, and F. Alagoz. 2017. Defense mechanisms against DDoS attacks in SDN environment. IEEE Commun. Mag. 55, 9 (2017), 175--179.Google ScholarDigital Library
Muhammad Imran, Muhammad Hanif Durad, Farrukh Aslam Khan, and Abdelouahid Derhab. 2019. Toward an optimal solution against denial of service attacks in software defined networks. Fut. Gener. Comput. Syst. 92 (2019), 444--453.Google ScholarDigital Library
Muhammad Azfar Yaqub, Syed Hassan Ahmed, Safdar Hussain Bouk, and Dongkyun Kim. 2016. Information-centric networks (ICN). In Content-Centric Networks. Springer, Berlin, 19--33.Google Scholar
Bengt Ahlgren, Christian Dannewitz, Claudio Imbrenda, Dirk Kutscher, and Borje Ohlman. 2012. A survey of information-centric networking. IEEE Commun. Mag. 50, 7 (2012).Google ScholarCross Ref
Qing-Yi Zhang, Xing-Wei Wang, Min Huang, Ke-Qin Li, and Sajal K. Das. 2018. Software defined networking meets information centric networking: A survey. IEEE Access 6 (2018), 39547--39563.Google ScholarCross Ref

Index Terms

Software-defined Networking-based DDoS Defense Mechanisms
1. Security and privacy

Recommendations

Towards DDoS detection mechanisms in Software-Defined Networking
Abstract
Software-Defined Networking (SDN) is widely considered as one of the next generation network architecture. However, SDN faces with a series of issues which restraint its development and application, where the security is one of the ...
Read More
A comprehensive survey of DDoS defense solutions in SDN: Taxonomy, research challenges, and future directions
Highlights
- Identified high quality research articles in the field of SDN-aimed DDoS attacks using a systematic literature review protocol.
Abstract
The recent emergence of technologies such as Network Functions Virtualization (NFV), Intent based Networking, Internet of Things (IoT), 5G, and Cloud Computing have led to the rapid growth of networks. The inflexibility and vendor-...
Read More
A Defense Mechanism for Distributed Denial of Service Attack in Software-Defined Networks
FCST '15: Proceedings of the 2015 Ninth International Conference on Frontier of Computer Science and Technology

Distributed Denial of Service (DDoS) attack is a major threat to Internet based killer applications, such as independent news web sites, e-business and online games. Detecting and blocking such clever attacks has become difficult. Software-Defined ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 52, Issue 2
March 2020
770 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3320149
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering
Issue’s Table of Contents
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 9 April 2019
- Revised: 1 December 2018
- Accepted: 1 December 2018
- Received: 1 June 2018
Published in csur Volume 52, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Software-defined networking
control plane
data plane
distributed denial of service
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 76
  Total Citations
  View Citations
- 2,744
  Total Downloads
- Downloads (Last 12 months)194
- Downloads (Last 6 weeks)12
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format .

View HTML Format

Software-defined Networking-based DDoS Defense Mechanisms

ACM Computing Surveys

Abstract

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

Towards DDoS detection mechanisms in Software-Defined Networking

A comprehensive survey of DDoS defense solutions in SDN: Taxonomy, research challenges, and future directions

A Defense Mechanism for Distributed Denial of Service Attack in Software-Defined Networks