Abstract
Discriminating Flash crowd traffic from Distributed Denial of Service (DDoS) traffic has already been addressed in legacy networks and in Software Defined Networks (SDN), yet it remains a challenging task. Flash crowd and DDoS traffic are similar in nature, and telling them apart becomes more complex when the DDoS traffic is generated from the legitimate IPs of compromised hosts. Most works available in the literature address this problem with Entropy, Machine Learning, or Deep Learning techniques. The accuracy of these techniques depends on the features available in datasets, which may vary from network to network. In this paper, our contribution is a model based on the behavior and techniques attackers use to generate Multi-Destination (MD) DDoS traffic targeting SDN controllers. The novelty of the proposed model is that it detects, locates, and mitigates MD traffic with spoofed source IP/MAC addresses and also contributes to defending against malicious traffic generated using legitimate IP/MAC addresses.












Cite this article
Patil, J., Tokekar, V., Rajan, A. et al. Discriminate, locate and mitigate DDoS traffic in presence of Flash Crowd in Software Defined Network. J Supercomput 78, 16770–16793 (2022). https://doi.org/10.1007/s11227-022-04538-9
DOI: https://doi.org/10.1007/s11227-022-04538-9