Mitigating DDoS Attacks Using OpenFlow-Based Software Defined Networking
نویسندگان
چکیده
Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service” (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.
منابع مشابه
Bohatei: Flexible and Elastic DDoS Defense
DDoS defense today relies on expensive and proprietary hardware appliances deployed at fixed locations. This introduces key limitations with respect to flexibility (e.g., complex routing to get traffic to these “chokepoints”) and elasticity in handling changing attack patterns. We observe an opportunity to address these limitations using new networking paradigms such as softwaredefined networki...
متن کاملMitigating High-Rate Application Layer DDoS Attacks in Software Defined Networks
Differently from previous attacks, many recent DDoS attacks have not been carried out over the network layer, but over the application layer. The main difference is that in the latter, an attacker can target a particular application of the server, while leaving the remaining applications still available, thus generating less traffic and being harder to detect. Recently, we have proposed the use...
متن کاملSoftware-Defined Networking with DDoS Attacks in Cloud Computing
Although software-defined networking (SDN) brings numerous benefits by decoupling the control plane from the data plane, there is a contradictory relationship between SDN and distributed denial-of-service (DDoS) attacks. On one hand, the capabilities of SDN make it easy to detect and to react to DDoS attacks. On the other hand, the separation of the control plane from the data plane of SDN intr...
متن کاملTowards Autonomic DDoS Mitigation using Software Defined Networking
Distributed Denial of Service attacks (DDoS) have remained as one of the most destructive attacks in the Internet for over two decades. Despite tremendous efforts on the design of DDoS defense strategies, few of them have been considered for widespread deployment due to strong design assumptions on the Internet infrastructure, prohibitive operational costs and complexity. Recently, the emergenc...
متن کاملVulnerability Bandwidth Depletion Attack on Distributed Cloud Computing Network: A QoS Perspective
A previous work on Airport Information Resource Management System (AIRMS) established that sophisticated attacks in the form of Denial of Service (DoS), Distributed DoS (DDoS), and related attacks are becoming the most effective schemes used by cyber terrorists on such enterprise systems. Similarly, a novel Smart Green Energy Management Distributed Cloud Computing Network (SGEM-DCCN) was develo...
متن کامل