Abstract
Denial-of-service (DoS) attacks bring many challenges in software-defined networks (SDN), mainly due to the vulnerabilities present in the communication between the control and data planes. Mitigation mechanisms have been proposed to alleviate these problems with the side effect of blocking legitimate flows. This work presents a DoS attack mitigation mechanism, named DoSSec, which encompasses a flow-based reputation strategy to improve detection of spurious traffic. The results show that DoSSec is able to prioritize and preserve an average of \(95\%\) legitimate traffic compared to state-of-the-art solutions, reducing impacts caused by SYN flood DoS attacks.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ambrosin, M., Conti, M., Gaspari, F.D., Poovendran, R.: LineSwitch: tackling control plane saturation attacks in SDN. IEEE/ACM Trans. Networking 25 (2017)
Beitollahi, H., Deconinck, G.: Analyzing well-known countermeasures against distributed denial of service attacks. Comput. Commun. 35(11), 1312–1332 (2012)
Bera, P., Saha, A., Setua, S.K.: DoS in SDN. In: 5th International CCSNT, pp. 497–501, December 2016
Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., Walker, D.: P4: programming protocol-independent packet processors. SIGCOMM Rev. 44(3), 87–95 (2014)
Carvalho, R.N., Costa, L.R., Bordim, J.L., Alchieri, E.A.P.: New programmable data plane architecture based on P4 OpenFlow agent. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds.) AINA. pp, pp. 1355–1367. Springer, Cham (2020)
Dridi, L., Zhani, M.F.: SDN-guard: DoS attacks mitigation in SDN networks. In: 5th International Conference Cloudnet, pp. 212–217, October 2016
Fichera, S., Galluccio, L., Grancagnolo, S.C., Morabito, G.: OPERETTA: an OPEnFlow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers. Comput. Netw. 92, 89–100 (2015)
Imran, M., Durad, H., Khan, F., Derhab, A.: Toward an optimal solution against DoS attacks in software defined networks. Future Gener. Comput. Syst. 92, 09 (2018)
Kalkan, K., Gür, G., Alagöz, F.: SDNScore: a statistical defense mechanism against DDoS attacks in SDN environment. In 2017 ISCC, pp. 669–675 (2017)
Kuerban, M., Tian, Y., Yang, Q., Jia, Y., Huebert, B.: FlowSec: DoS attack mitigation strategy on SDN controller. In: International CNAS, pp. 1–2, August 2016
Kumar, P., Tripathi, M., Nehra, A., Conti, M., Lal, C.: Safety: early detection and mitigation of TCP SYN flood utilizing entropy in SDN. IEEE Trans. Netw. Serv. Manag. (2018)
Lapolli, A.C., Marques, J.A., Gaspary, L.P.: Offloading real-time DDoS attack detection to programmable data planes. In: IFIP International Symposium on Integrated Network Management (2019)
Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: DDoS attacks, vol. 3, pp. 2275–2280, February 2000
Mohammadi, R., Javidan, R., Conti, M.: SLICOTS: an SDN-based lightweight countermeasure for SYN flooding attacks. IEEE Trans. Netw. Serv. Manag. 14, 487–497 (2017)
Niemiec, M., Jaglarz, P., Jekot, M., Chołda, P., Boryło, P.: Risk assessment approach to secure northbound interface of SDN networks. In: 2019 ICNC, pp. 164–169 (2019)
Nugraha, M., Paramita, I., Choi, D., Cho, B.: Utilizing OpenFlow and sFlow to detect and mitigate SYN flooding attack. J. Korea Multimedia Soc. 8(8) (2014)
Shin, S., Yegneswaran, V., Porras, P., Gu, G.: AVANT-GUARD: scalable and vigilant switch flow management in SDN. In: ACM SIGSAC Conference on Computer, pp. 413–424 (2013)
Sviridov, G., Bonola, M., Giaccone, P., Bianchi, G.: LODGE: LOcal Decisions on Global statEs in progrananaable data planes. In: 4th CNSW, pp. 257–261 (2018)
Wang, Y., Liu, Y., Hu, J., Zhang, M., Wang, X.: Reputation and incentive mechanism for SDN applications. In: 14th International CMASN, pp. 152–157 (2018)
Acknowledgements
This work is partially supported by the MCTIC/RNP/CTIC (Brazil) through the project P4Sec.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Carvalho, R.N., Costa, L.R., Bordim, J.L., Alchieri, E. (2021). DoSSec: A Reputation-Based DoS Mitigation Mechanism on SDN. In: Barolli, L., Woungang, I., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2021. Lecture Notes in Networks and Systems, vol 226. Springer, Cham. https://doi.org/10.1007/978-3-030-75075-6_62
Download citation
DOI: https://doi.org/10.1007/978-3-030-75075-6_62
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75074-9
Online ISBN: 978-3-030-75075-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)