Shan-Hsiang Shen
Abstract
With growing services running in clouds, it is critical to defence the services from Distributed Denial of Service (DDoS) attacks. To this end, network traffic should be monitored to detect malicious traffic. Software-defined Networking (SDN) provides a flexible platform for the network monitoring and relies on a central controller to ask switches for traffic statistic to get a global traffic view for security. However, the control plane resources are limited in SDN in terms of controller capacity, network bandwidth, and switch performance. Thus, too much network monitoring will affect data plane traffic performance. To address this issue, we propose SDN-Monitor, which carefully selects switches to monitor to reduce the resource consumption. Moreover, SDN-Monitorre-routes network traffic to further reduce the number of monitored switches.With growing services running in clouds, it is critical to defence the services from Distributed Denial of Service (DDoS) attacks. To this end, network traffic should be monitored to detect malicious traffic. Software-defined Networking (SDN) provides a flexible platform for the network monitoring and relies on a central controller to ask switches for traffic statistic to get a global traffic view for security. However, the control plane resources are limited in SDN in terms of controller capacity, network bandwidth, and switch performance. Thus, too much network monitoring will affect data plane traffic performance. To address this issue, we propose SDN-Monitor, which carefully selects switches to monitor to reduce the resource consumption. Moreover, SDN-Monitorre-routes network traffic to further reduce the number of monitored switches.
- 2018. Akamai,state of the internet Q4 2017 security report, https://www.akamai.com/us/en/multimedia/documents/state-of-theinternet/ q4--2017-state-of-the-internet-security-report.pdf. (2018).Google Scholar
- 2018. OpenFlow Switch Specification Version 1.5.1 , https://www.opennetworking.org/wp-content/uploads/2014/10/openflowswitch- v1.5.1.pdf. (2018).Google Scholar
- Andrew R. Curtis, Jefferey C.Mogul, Jean Tourrilhes, Praveen Yalagandula, Puneet Sharma, and Sujata Banerjee. 2011. DevoFlow: Scaling Flow Management for High-performance Networks. In ACM SIGCOMM '11. 254--265. Google ScholarDigital Library
- Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, and Jonathan Turner. 2008. OpenFlow: Enabling Innovation in Campus Networks. ACM SIGCOMM Computer Communication Review 38, 2 (March 2008), 69--74. Google ScholarDigital Library
Index Terms
- An Efficient Network Monitor for SDN Networks
Recommendations
Auto-Configuration of SDN Switches in SDN/Non-SDN Hybrid Network
AINTEC '15: Proceedings of the 11th Asian Internet Engineering ConferenceThis paper proposes an auto-configuration mechanism for a newly attached SDN (Software-defined Networking) switch and intermediate switches in an SDN/non-SDN hybrid network. Automation of initial configuration of SDN switches brings the benefit of ...
A roadmap for traffic engineering in SDN-OpenFlow networks
Software Defined Networking (SDN) is an emerging networking paradigm that separates the network control plane from the data forwarding plane with the promise to dramatically improve network resource utilization, simplify network management, reduce ...
Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks
EWSDN '14: Proceedings of the 2014 Third European Workshop on Software Defined NetworksIn this paper, we investigate the applicability of Software-Defined Networking (SDN), and specifically the use of the OpenFlow protocol as a means to enhance the legacy Remote Triggered Black-Hole (RTBH) routing approach, towards Distributed Denial of ...
Comments