Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2016: Information Security Practice and Experience pp 315–329Cite as

Countering Burst Header Packet Flooding Attack in Optical Burst Switching Network

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10060))

Abstract

Optical burst switching (OBS) network is a promising switching technology for building the next-generation of Internet backbone infrastructure. It works by assembling UDP packets and sending a burst header packet (BHP) in order to reserve the required network resources along the path before sending the corresponding data burst. If a source node (ingress) gets compromised by an attacker and floods the network with only BHPs to reserve resources without sending actual data, a denial of service attack can occur. In this paper, we propose and develop a new security model that can be embedded into an OBS core switch architecture to prevent BHP flooding attacks. The countermeasure security model allows the OBS core switch to classify the ingress nodes based on their behavior and the amount of reserved resources that are not being utilized. A malicious node that causes BHP flooding attack will be blocked by the developed model until the risk disappears. The security model is implemented, tested and verified using a modified NCTUns network simulator. The analysis conducted reveals that our proposed model is effective in countering BHP flooding attacks as well as in providing the network resources to the legitimate nodes.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Chatterjee, S., Pawlowski, S.: All-optical networks. Commun. ACM 42, 74–83 (1999)

    Article  Google Scholar 

  2. Chen, Y., Verma, P.K.: Secure optical burst switching: framework and research directions. IEEE Commun. Mag. 46(8), 40–45 (2008)

    Article  Google Scholar 

  3. Qiao, C., Yoo, M.: Optical burst switching (OBS) - a new paradigm for an optical Internet. J. High Speed Netw. 8(1), 69–84 (1999)

    Google Scholar 

  4. Turner, J.: Terabit burst switching. J. High Speed Netw. 8, 3–16 (1999)

    Google Scholar 

  5. Jue, J.P., Vokkarane, V.M.: Optical Burst Switched Networks. Springer, Berlin (2006)

    MATH  Google Scholar 

  6. Blumenthal, D.J., Prucnal, P.R., Sauer, J.R.: Photonic packet switches: architectures and experimental implementations. Proc. IEEE 82, 1650–1667 (1994)

    Article  Google Scholar 

  7. Chang, G.-K., Ellinas, G., Meagher, B., Xin, W., Yoo, S.J., Iqbal, M.Z., Way, W., Young, J., Dai, H., Chen, Y.J., Lee, C.D., Yang, X., Chowdhury, A., Chen, S.: Low latency packet forwarding in IP over WDM networks using optical label switching techniques. In: IEEE LEOS 1999 Annual Meeting, pp. 17–18 (1999)

    Google Scholar 

  8. Sreenath, N., Muthuraj, K., Kuzhandaivelu, G.V.: Threats and vulnerabilities on TCP/OBS networks. In: Proceedings of the International Conference on Computer Communication and Informatics (ICCCI 2012), pp. 1–5 (2012)

    Google Scholar 

  9. Sliti, M., Hamdi, M., Boudriga, N.: A novel optical firewall architecture for burst switched networks. In: Proceedings of 12th International Conference on Transparent Optical Networks (ICTON), pp. 1–5 (2010)

    Google Scholar 

  10. Sliti, M., Boudriga, N.: BHP flooding vulnerability and countermeasure. Photonic Netw. Commun. 29(2), 198–213 (2015)

    Article  Google Scholar 

  11. Eddy W.: TCP SYN Flooding Attacks and Common Mitigations. RFC 4987 (2007)

    Google Scholar 

  12. Chen, Y., Verma, P.K., Kak, S.: Embedded security framework for integrated classical and quantum cryptography services in optical burst switching networks. Secur. Commun. Netw. 2(6), 546–554 (2009)

    Google Scholar 

  13. Chouhan, S.S., Sharma, S.: Identification of current attacks and their counter measures in optical burst switched (OBS) network. Int. J. Adv. Comput. Res. 2(1), 2249–7277 (2012)

    Google Scholar 

  14. Kahate, A.: Cryptography and Network Security, 2nd edn. McGraw-Hill, New York (2008)

    Google Scholar 

  15. Yuan, S., Stewart, D.: Protection of optical networks against inter-channel eavesdropping and jamming attacks. In: Proceedings of International Conference on Computational Science and Computational Intelligence (CSCI), Las Vegas, pp. 34–38 (2014)

    Google Scholar 

  16. Stallings, W.: Cryptography and Network Security. Prentice Hall, Upper Saddle River (2006)

    Google Scholar 

  17. Fernandez, B.T.F., Sreenath, C.N.: Burstification threat in optical burst switched networks. In: IEEE proceeding of International Conference on Communication and Signal Processing, pp.1666–1670 (2014)

    Google Scholar 

  18. Sreenath, N., Muthuraj, K., Sivasubramanian, P.: Secure optical internet: attack detection and prevention mechanism. In: IEEE, pp. 1009–1012 (2012)

    Google Scholar 

  19. Muthuraj, K., Sreenath, N.: Secure optical internet: an attack on OBS node in a TCP over OBS network. Int. J. Emerg. Trends Technol. Comput. Sci. 1(4), 75–80 (2012)

    Google Scholar 

  20. Devi, B.S.K., Preetha, G., Shalinie, S.M.: DDoS detection using host-network based metrics and mitigation in experimental testbed. In: IEEE International Conference on Recent Trends in Information Technology (ICRTIT), MIT, Anna University, Chennai, pp. 423–427 (2012)

    Google Scholar 

  21. Patil, R.Y., Ragha, L.: A rate limiting mechanism for defending against flooding based distributed denial of service attack. In: 2011 World Congress on Information and Communication Technologies (WICT), pp. 182–186. IEEE (2011)

    Google Scholar 

  22. Sharma, R., Kumar, K., Singh, K., Joshi, R.C.: Shared based rate limiting: an ISP level solution to deal DDoS attacks. In: 2006 Annual IEEE India Conference, pp. 1–6 (2006)

    Google Scholar 

  23. Patil, R.Y., Ragha, L.: A dynamic rate limiting mechanism for flooding based distributed denial of service attack. In: Fourth International Conference on Advances in Recent Technologies in Communication and Computing (ARTCom 2012), pp. 135–138. IET (2012)

    Google Scholar 

  24. Wang, F., Hu, X., Su, J.: Mutual-aid team: protect poor clients in rate-limiting-based DDoS defense. In: IEEE 14th International Conference on Communication Technology (ICCT), pp. 773–778 (2012)

    Google Scholar 

  25. Udhayan, J., Anitha, R.: Demystifying and rate limiting ICMP hosted DoS/DDoS flooding attacks with attack productivity analysis. In: IEEE International Advance Computing Conference, IACC 2009, pp. 558–564, March 2009

    Google Scholar 

  26. Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical network support for IP traceback. In: Proceedings of ACM SIGCOMM 2000, Stockholm, Sweden, pp. 295–306, August 2000

    Google Scholar 

  27. Snoeren, A.C., Partridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer, W.T.: Hash-based IP traceback. In: Proceedings of ACM SIGCOMM 2001, San Diego, CA, USA, pp. 3–14 (2001)

    Google Scholar 

  28. Gupta, B.B., Misra, M., Joshi, R.C.: An ISP level solution to combat DDoS attacks using combined statistical based approach. arXiv preprint arXiv:1203.2400 (2012)

  29. Rajam, V.S., Selvaram, G., Kumar, M.P., Shalinie, S.M.: Autonomous system based traceback mechanism for DDoS attack. In: 2013 Fifth International Conference on Advanced Computing (ICoAC), pp. 164–171 (2013)

    Google Scholar 

  30. Kumar, K., Sangal, A.L., Bhandari, A.: Traceback techniques against DDOS attacks: a comprehensive review. In: 2011 2nd International Conference on Computer and Communication Technology (ICCCT), pp. 491–498 (2011)

    Google Scholar 

  31. Wei, J., Chen, K., Lian, Y.F., Dai, Y.X.: A novel vector edge sampling scheme for IP traceback against DDoS attacks. In: 2010 International Conference on Machine Learning and Cybernetics, vol. 6, pp. 2829–2832 (2010)

    Google Scholar 

  32. http://nsl.csie.nctu.edu.tw/nctuns.html

  33. Utilization, HP TopTools for Hubs & Switches, Hewlett-Packard Company (1999). http://hp.com/rnd/device_help/help/hpwnd/webhelp/HPJ4093A/utilization.htm

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, University of South Carolina, Columbia, SC, 29208, USA

    Adel Rajab & Chin-Tser Huang

  2. College of Computer Science and Information System, Najran University, Najran, 1988, Kingdom of Saudi Arabia

    Mohammed Al-Shargabi

  3. Department of Computer Science, University of Texas, Dallas, TX, 75080, USA

    Jorge Cobb

Authors
  1. Adel Rajab
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chin-Tser Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mohammed Al-Shargabi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jorge Cobb
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chin-Tser Huang .

Editor information

Editors and Affiliations

  1. Huawei International, Singapore, Singapore

    Feng Bao

  2. University of Surrey, Guilford, Surrey, United Kingdom

    Liqun Chen

  3. Singapore Management University, Singapore, Singapore

    Robert H. Deng

  4. Guangzhou University, Guangzhou, Guangdong, China

    Guojun Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Rajab, A., Huang, CT., Al-Shargabi, M., Cobb, J. (2016). Countering Burst Header Packet Flooding Attack in Optical Burst Switching Network. In: Bao, F., Chen, L., Deng, R., Wang, G. (eds) Information Security Practice and Experience. ISPEC 2016. Lecture Notes in Computer Science(), vol 10060. Springer, Cham. https://doi.org/10.1007/978-3-319-49151-6_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-49151-6_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-49150-9

  • Online ISBN: 978-3-319-49151-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation