Leveraging SDN for Early Detection and Mitigation of DDoS Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 11227)

Abstract

Distributed Denial of Service (DDoS) attacks are one of the most challenging security issues in current networks and require considerable attention from the research community. Detecting and mitigating DDoS attacks at an early stage can reduce the impact of an attack on legitimate users. Software Defined Networking (SDN) has emerged as a technique that aids the effective resolution of DDoS attacks. This paper proposes one such detection scheme, which uses Radial Basis Function networks optimized with Particle Swarm Optimization for early detection of DDoS attacks in SDN networks. A feature set for training and testing the detection module is also proposed that allows the identification of DDoS attacks. The proposed detection scheme is efficient enough to distinguish a heavy load of network traffic from that of DDoS attacks. Detection is not the only concern in such a scenario; the mitigation technique also needs to be selected very carefully in order to meet the desired network requirements and to secure legitimate users. To identify a suitable mitigation scheme, an analytical comparison of possible controller-based mitigation techniques is presented. These techniques are further compared on several parameters governing the effect of mitigation on network users and processing.

Acknowledgments

The authors would like to acknowledge the financial support of the Ministry of Human Resource Development, the ISEA Phase II project and TEQIP Phase II for the related doctoral research work.

Author information

Correspondence to Neelam Dayal.

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Cite this paper

Dayal, N., Srivastava, S. (2019). Leveraging SDN for Early Detection and Mitigation of DDoS Attacks. In: Biswas, S., et al. Communication Systems and Networks. COMSNETS 2018. Lecture Notes in Computer Science, vol 11227. Springer, Cham. https://doi.org/10.1007/978-3-030-10659-1_3

  • DOI: https://doi.org/10.1007/978-3-030-10659-1_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-10658-4

  • Online ISBN: 978-3-030-10659-1

  • eBook Packages: Computer Science, Computer Science (R0)
