Abstract
Optical burst switching (OBS) is a promising switching technology for building the next generation of Internet backbone infrastructure. It works by assembling UDP packets and sending a burst header packet (BHP) to reserve the required network resources along the path before sending the corresponding data burst. If a source node (ingress) is compromised by an attacker and floods the network with only BHPs, reserving resources without sending actual data, a denial of service attack can occur. In this paper, we propose and develop a new security model that can be embedded into an OBS core switch architecture to prevent BHP flooding attacks. The countermeasure security model allows the OBS core switch to classify the ingress nodes based on their behavior and the amount of reserved resources that are not being utilized. A malicious node that causes a BHP flooding attack will be blocked by the developed model until the risk disappears. The security model is implemented, tested and verified using a modified NCTUns network simulator. The analysis conducted reveals that our proposed model is effective in countering BHP flooding attacks as well as in providing the network resources to the legitimate nodes.
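The classification idea described in the abstract can be sketched as per-ingress bookkeeping at a core switch; this is an added example, not the paper's model or code. The thresholds, the windowing, the state names and the choice to keep counting BHPs from a blocked node are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed thresholds on the share of reservations left unused per window.
SUSPECT_RATIO, BLOCK_RATIO = 0.3, 0.6

class CoreSwitchMonitor:
    """Per-ingress bookkeeping at a core switch (illustrative model)."""
    def __init__(self):
        self.bhps = defaultdict(int)    # BHPs seen this window
        self.bursts = defaultdict(int)  # data bursts that followed a BHP
        self.state = defaultdict(lambda: "trusted")

    def on_bhp(self, ingress, count=1):
        """Count BHPs; reservations are granted unless the node is blocked."""
        self.bhps[ingress] += count
        return self.state[ingress] != "blocked"

    def on_data_burst(self, ingress, count=1):
        """Record data bursts that actually arrived for earlier BHPs."""
        self.bursts[ingress] += count

    def close_window(self):
        """Reclassify each ingress from its unused-reservation ratio."""
        for ingress, seen in self.bhps.items():
            unused = max(seen - self.bursts[ingress], 0) / seen
            if unused >= BLOCK_RATIO:
                self.state[ingress] = "blocked"
            elif unused >= SUSPECT_RATIO:
                self.state[ingress] = "suspicious"
            else:
                self.state[ingress] = "trusted"  # risk has disappeared
        self.bhps.clear()
        self.bursts.clear()
        return dict(self.state)

def replay(windows):
    """Replay (ingress, bhps, bursts) windows; return the states after each."""
    mon, history = CoreSwitchMonitor(), []
    for window in windows:
        for ingress, n_bhp, n_burst in window:
            mon.on_bhp(ingress, n_bhp)
            mon.on_data_burst(ingress, n_burst)
        history.append(mon.close_window())
    return history

# Constructed traffic: edge-B sends mostly unused BHPs in window 2, then recovers.
SAMPLE = [[("edge-A", 20, 20), ("edge-B", 20, 19)],
          [("edge-A", 20, 18), ("edge-B", 200, 10)],
          [("edge-A", 20, 20), ("edge-B", 20, 20)]]
```

Calling `replay(SAMPLE)` returns one state map per window, showing edge-B blocked after the second window and restored after the third while edge-A stays trusted throughout.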
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Rajab, A., Huang, CT., Al-Shargabi, M., Cobb, J. (2016). Countering Burst Header Packet Flooding Attack in Optical Burst Switching Network. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science, vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_22
DOI: https://doi.org/10.1007/978-3-319-49151-6_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49150-9
Online ISBN: 978-3-319-49151-6
eBook Packages: Computer Science, Computer Science (R0)