Detecting and mitigating denial of service attacks against the data plane in software defined networks

Durner, Raphael; Lorenz, Claas; Wiedemann, Michael; Kellerer, Wolfgang

doi:10.1109/netsoft.2017.8004229

Cited by 23 publications

(32 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The results show that proposed method performs effectively by reducing the attack rate. [68] introduced DoS attacks against data plane and their effects in SDN. Authors proposed a statistical approach to detect attacks and a lightweight mitigation method to stop the malicious flows.…”

Section: Defense Against Attack On Data Planementioning

confidence: 99%

Software-defined Networking-based DDoS Defense Mechanisms

2019

View full text Add to dashboard Cite

Distributed Denial of Service attack (DDoS) is recognized to be one of the most catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this article, a detailed study on DDoS threats prevalent in SDN is presented. First, SDN features are examined from the perspective of security, and then a discussion on SDN security features is done. Further, two viewpoints on protecting networks against DDoS attacks are presented. In the first view, SDN utilizes its abilities to secure conventional networks. In the second view, SDN may become a victim of the threat itself because of the centralized control mechanism. The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state-of-the-art techniques, an extensive review of the advancement of SDN security is provided to the research and IT communities.

show abstract

Section: Defense Against Attack On Data Planementioning

confidence: 99%

Software-defined Networking-based DDoS Defense Mechanisms

2019

View full text Add to dashboard Cite

show abstract

“…But, data plane is equally vulnerable. In [4] separation of the planes in SDN network introduces new network security issues. SDN processes in two modes: proactive and reactive.…”

Section: Literature Surveymentioning

confidence: 99%

“…A countermeasure to check the severity of these DoS attacks is use of extended table size. To deal with the threat [4] states countermeasures like specific detection mechanism on data plane, light weighted measure to stop flow attack is a novel way of evaluating the analytic means and simulation. In [5] machine learning algorithms are used for monitoring and detection of the malicious actions in SDN data plane Statistics and features of the network traffic are generated and a network workload test data is required.…”

Section: Literature Surveymentioning

confidence: 99%

Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

Banerjee¹,

Chakraborty²,

2018

IJET

View full text Add to dashboard Cite

SDN (Software Defined Network) is rapidly gaining importance of 'programmable network' infrastructure. The SDN architecture separates the Data plane (forwarding devices) and Control plane (controller of the SDN). This makes it easy to deploy new versions to the infrastructure and provides straightforward network virtualization. Distributed Denial-of-Service attack is a major cyber security threat to the SDN. It is equally vulnerable to both data plane and control plane. In this paper, machine learning algorithms such as Naïve Bayesian, KNN, K Means, K-Medoids, Linear Regression, use to classify the incoming traffic as usual or unusual. Above mentioned algorithms are measured using the two metrics: accuracy and detection rate. The best fit algorithm is applied to implement the signature IDS which forms the module 1 of the proposed IDS. Second Module uses open connections to state the exact node which is an attacker and to block that particular IP address by placing it in Access Control List (ACL), thus increasing the processing speed of SDN as a whole.

show abstract

“…Machine learning based defense mechanismsRochak Swami, Mayank Dave, and Virender Ranga Durner et al[68] introduced DoS attacks against data plane and their effects in SDN. Authors proposed a statistical approach to detect attacks and a lightweight mitigation method to stop the malicious flows.…”

mentioning

confidence: 99%

Software-defined Networking Based DDoS Defense Mechanisms

Swami¹,

Dave²,

Ranga³

2020

Preprint

View full text Add to dashboard Cite

Distributed Denial of Service attack (DDoS) is recognized to be one of the catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this paper, a detailed study on DDoS threats prevalent in SDN is presented. Firstly, SDN features are examined from the perspective of security, and then, a discussion on assessment of SDN security features is done. Further, two viewpoints towards protecting the networks against DDoS attacks are elaborated. In the first view, SDN utilizes its abilities to secure the conventional networks. In the second view, SDN may become a victim of the threats itself because of the centralized control mechanism. The main focus of this research work is towards discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state of the art techniques, an extensive review towards the advancement of the SDN security is provided to the researchers and IT communities.

show abstract

Detecting and mitigating denial of service attacks against the data plane in software defined networks

Cited by 23 publications

References 12 publications

Software-defined Networking-based DDoS Defense Mechanisms

Software-defined Networking-based DDoS Defense Mechanisms

Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

Software-defined Networking Based DDoS Defense Mechanisms

Contact Info

Product

Resources

About