Abstract
The integration of cloud computing with Software Defined Networking (SDN) addresses several challenges of a typical cloud infrastructure, such as complex inter-networking, data collection, fast response, etc. Though an SDN-based cloud opens new opportunities, the SDN controller may itself become vulnerable to several attacks. Attackers use the unique features of SDN to mount severe Distributed Denial of Service (DDoS) attacks. Several approaches are available in the literature to defend against traditional DDoS flooding attacks in the SDN-cloud. To elude detection systems, attackers employ more sophisticated attack strategies, which are implemented by generating low-rate attack traffic. The most common type of Low-Rate DDoS (LR-DDoS) attack is the Shrew attack. The existing approaches are not capable of detecting, mitigating, and tracing back such attacks. Thus, this work discusses a new mechanism which not only detects and mitigates the Shrew attack but also traces back the location of the attack sources. The attack is detected using information entropy variations, and the attack sources are traced back using a deterministic packet marking scheme. The experiments are performed in a real SDN-cloud scenario, and the experimental results show that the approach requires 1 packet and 8.27 packets on average to locate the bots and attackers, respectively. The approach detects and traces back the attack sources in between 14.45 ms and 10.02 s and provides 97.6% accuracy.
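The abstract names information-entropy variation as the detection signal. The sketch below is an added illustration of that idea, not the authors' algorithm or code: it computes per-window entropy of destination addresses, flags windows that dip below a baseline, and estimates the spacing of the dips. The choice of destination-address entropy, the 100 ms window, the 25% drop threshold and the sample trace are all assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict
from statistics import mean, median

def shannon_entropy(items):
    """Shannon entropy (bits) of the empirical distribution of items."""
    total = len(items)
    return -sum(c / total * math.log2(c / total) for c in Counter(items).values())

def window_entropies(packets, window_ms):
    """Group (ts_ms, dst_ip) records into fixed windows; return [(start_ms, H)]."""
    buckets = defaultdict(list)
    for ts_ms, dst in packets:
        buckets[ts_ms // window_ms].append(dst)
    return [(w * window_ms, shannon_entropy(buckets[w])) for w in sorted(buckets)]

def detect_dips(series, baseline_windows, drop_ratio):
    """Flag windows whose entropy falls below (1 - drop_ratio) x baseline mean.

    The first `baseline_windows` entries are assumed to be attack-free.
    """
    baseline = mean(h for _, h in series[:baseline_windows])
    return [start for start, h in series[baseline_windows:]
            if h < (1 - drop_ratio) * baseline]

def burst_period(flagged):
    """Median gap (ms) between flagged windows, or None if fewer than two."""
    gaps = [b - a for a, b in zip(flagged, flagged[1:])]
    return median(gaps) if gaps else None

def constructed_trace():
    """Constructed sample: 5 s of even background traffic plus three short bursts."""
    hosts = [f"10.0.0.{i}" for i in range(1, 9)]
    pkts = [(t, hosts[(t // 5) % 8]) for t in range(0, 5000, 5)]
    for burst_start in (2000, 3000, 4000):  # constructed burst times
        # 50 ms burst concentrated on one destination lowers that window's entropy
        pkts += [(t, hosts[0]) for t in range(burst_start, burst_start + 50)]
    return sorted(pkts)

if __name__ == "__main__":
    series = window_entropies(constructed_trace(), window_ms=100)
    flagged = detect_dips(series, baseline_windows=10, drop_ratio=0.25)
    print("flagged windows (ms):", flagged, "period (ms):", burst_period(flagged))
```

Averaged over the full 5 s, the bursts add only 150 packets to 1000 background packets, which is why a coarse rate threshold misses them while the per-window entropy dip does not.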
Change history
03 February 2021
The term ‘Mechanism’ in the article title was erroneously published as ‘Mechduanism’. The error has been corrected.
Cite this article
Agrawal, N., Tapaswi, S. An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment. J Netw Syst Manage 29, 12 (2021). https://doi.org/10.1007/s10922-020-09580-7
DOI: https://doi.org/10.1007/s10922-020-09580-7