Low-rate TCP DDoS Attack Model in the Southbound Channel of Software Defined Networks

Balarezo, Juan Fernando; Wang, Song; Chavez, Karina Gomez; Al‐Hourani, Akram; Fu, Jing; Kandeepan, Sithamparanathan

doi:10.1109/icspcs50536.2020.9310040

Cited by 6 publications

(6 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Large-scale DDoS attacks involve threats from multiple categories, usually requiring multi-pronged defense mechanisms combining several defense approaches [29]. The efficiency of DDoS attacks depends on different aspects, one of the most important is the size of the botnet used to launch an attack [26]. Botnets creation process relies upon malware dissemination dynamics, accordingly, understanding such behaviour becomes relevant.…”

Section: Related Workmentioning

confidence: 99%

“…If the DDoS traffic is generated by the forwarding devices or even the controllers, it would make the attack stealthier, increasing the probabilities of success. Also as proven in [26], the number of compromised devices is crucial when launching a DDoS attack. Attackers would seek to infect as many SDN devices as possible, then modelling the infection processes is essential.…”

Section: Sdn Epidemic Modelmentioning

confidence: 99%

“…DDoS traffic generated by the forwarding devices or even the controllers, would make the attack more difficult to be detected and mitigated. And the number of compromised devices is crucial when launching a DDoS attack [26]. Hence, modelling the infection processes in SDN is essential since attackers would seek to infect as many devices as possible.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Dynamics of Botnet Propagation in Software Defined Networks Using Epidemic Models

et al. 2021

Self Cite

View full text Add to dashboard Cite

During COVID-19 the new normal became an increased reliance on remote connectivity, and that fact is far away to change any time soon. The increasing number of networked devices connected to the Internet is causing an exponential growth of botnets. Subsequently, the number of DDoS (Distributed Denial of Service) attacks registered around the world also increased, especially during the pandemic lockdown. Therefore, it is crucial to understand how botnets are formed and how bots propagate within networks. In particular, analytic modelling of the botnets epidemic process is an essential component for understanding DDoS attacks, and thus mitigate their impact. In this paper, we propose two analytic epidemic models; (i) the first one for enterprise Software Define Networks (SDN) based on the SEIRS (Susceptible -Exposed -Infected -Recovered) approach, while (ii) the second model is designed for service providers' SDN, and it is based on a novel extension of a SEIRS-SEIRS vector-borne approach. Both models illustrate how bots spread in different types of SDN networks. We found that bot infection behaves in a similar way to human epidemics, such as the novel COVID-19 outbreak. We present the calculation of the basic reproduction number R o for both models and we test the system stability using the next generation matrix approach. We have validated the models using the final value theorem (FVT), with which we can determine the steadystate values that provide a better understanding of the propagation process.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Sdn Epidemic Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dynamics of Botnet Propagation in Software Defined Networks Using Epidemic Models

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Ping flood attack packets on the POX controller can be prevented by detecting anomalies using machine learning [23]. Balarezo et al carried out an experiment on denial-of-service attacks using TCP's retransmission timeout to the southbound interface via OpenFlow, and they proposed a durable model by revealing the vulnerabilities of the system [24].…”

Section: Introductionmentioning

confidence: 99%

A comparative analysis of software-defined network controllers in terms of network forensics processes and capabilities

ÇİL

2024

Sigma J Eng Nat Sci - Sigma Müh Fen Bil Derg

View full text Add to dashboard Cite

The proliferation of software-defined networks (SDN) increases the necessity of security and forensic research in this field. Network forensics is of particular importance considering the ever-increasing traffic density and variety of devices, and SDN has great potential for improved forensic processes thanks to its ability to provide a centralized view and control of the network. This article's motivation is the lack of a standard forensic process in SDN. The main objective of this study is to examine the differences in the forensic processes of different SDN controllers, whether the southbound interface data is sufficient for the forensic processes, and whether it is possible to choose the best controller in terms of forensics. Four of the most widely used controllers have been selected and tested under seven different scenarios to observe how the results were obtained in terms of forensics. During the tests, in addition to the routine data accesses, attack preparation tools and denial-of-service attack tools were used to expand the scope. Experiments in which each scenario was applied for four different controllers demonstrated that different controllers have different characteristics in network forensics parameters, such as attack type detection, attacker information, service interruptions, packet size, and the number of packets. Experiments proved that southbound interface data is sufficient for forensic processes, different controllers have different characteristics in forensic processes, none of the most used controllers is the best to cover all forensic processes, and a standard forensic method is required for software-defined network forensics.

show abstract

“…The following year, Perez-Diaz et al have used six machine learning algorithms[122] in their IDS inside an SDN simulated environment. Still in 2020, Balarezo et al have investigated the feasibility and mitigation of LDoS shrew attacks on the control plane connections of an SDN network[123]. Several other papers related to SDN appeared in 2021.…”

mentioning

confidence: 99%

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

et al. 2022

View full text Add to dashboard Cite

The potential for being the target of Denial of Service (DoS) attacks is one of the most severe security threats on the Internet. Attackers have been modifying their attack format over the years, damaging specific conditions of operating systems and protocols in an attempt to deny or diminish the quality of the service provided to legitimate users. Nowadays, attacks are stealthier and mimic legitimate user traffic in such a way that detection mechanisms against High-rate DoS attacks are no longer sufficient. This evolving type of attack, known as LDoS (Low-rate Denial of Service) attacks, has the potential to produce more damage than its predecessor due to its stealth nature and the lack of suitable detection and defense methods. This survey summarizes and complements previous studies and surveys related to this specific type of attack. First, we propose a taxonomy of the LDoS attacks, which were divided into three broad categories based on their modus operandi: QoS attacks, Slow rate attacks, and Service queue attacks. Next, we detail numerous detection mechanisms and counter-measures available against eight types of LDoS attacks. More specifically, we describe the methods used to throttle the attack traffic. Finally, we provide a feature comparison table for some existing attack tools. This survey aims at providing an extensive review of the literature for helping researchers and network administrators find up-to-date knowledge on LDoS attacks.

show abstract

Low-rate TCP DDoS Attack Model in the Southbound Channel of Software Defined Networks

Cited by 6 publications

References 18 publications

Dynamics of Botnet Propagation in Software Defined Networks Using Epidemic Models

Dynamics of Botnet Propagation in Software Defined Networks Using Epidemic Models

A comparative analysis of software-defined network controllers in terms of network forensics processes and capabilities

Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey

Contact Info

Product

Resources

About