Network security through software defined networking

Jérôme, François; Dolberg, Lautaro; Festor, Olivier; Engel, Thomas

doi:10.1145/2670386.2670390

Cited by 19 publications

(8 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section we highlight relevant research work done in the domain of DDoS defense with SDN (other than [10], discussed in Section 1). This work can roughly be divided into DDoS defense mechanisms against the core SDN infrastructure and the approaches that leverage SDN against DDoS attacks [15].…”

Section: Related Workmentioning

confidence: 99%

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Hameed

Khan

2018

Future Internet

View full text Add to dashboard Cite

Software Defined Networking (SDN) has proved itself to be a backbone in the new network design and is quickly becoming an industry standard. The idea of separation of control plane and data plane is the key concept behind SDN. SDN not only allows us to program and monitor our networks but it also helps in mitigating some key network problems. Distributed denial of service (DDoS) attack is among them. In this paper we propose a collaborative DDoS attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We also introduced three different deployment approaches i.e., linear, central and mesh in our testbed. Based on the experimental results we demonstrate that our SDN based collaborative scheme is fast and reliable in efficiently mitigating DDoS attacks in real time with very small computational footprints. Thing (IoT) devices (such as printers, cameras, home routers and baby monitors) were used to generate a DDoS attack involving malicious domain name system (DNS) lookup requests from tens of millions of IP addresses [4]. This attack is considered the largest of its kind in history with an unprecedented rate of 1.2 Tbps. The main target of the attack was the servers of Dyn Inc., a company that controls much of the Internet's DNS infrastructure [5]. Study of recent attacks reveal that with little effort, next generation attack tools would be able to enact DDoS attacks that are thousand times stronger than the ones we see today [6]. A popular defense practice against DDoS is to deploy detection and response mechanisms at the destination hosts due to higher accuracy and cheaper cost. On the downside, destination based mechanisms alone cannot mitigate attack on the paths to the victim and waste resources. This calls for an efficient mitigation strategy to ease out network resources along the transit path of an attack from source to victim. SDN bring us a new approach to deal with DDoS attacks [7][8][9]. The separation of control and data plane in SDN allows us to write the control logic and instruct the forwarding plane to behave accordingly. This programmability gives us more control of the network traffic which was Future Internet 2018, 10, 23 2 of 18 not possible before the advent of SDN. In [10], Giotis et al. proposed a DDoS mitigation scheme across multiple SDN domains or networks (Domain(s) and Network(s) are used interchangeably throughout this paper). The mitigation process starts from the victim network and propagates along the way towards the source. They extended the border gateway protocol (BGP) to embed the incident report as URIs within BGP signals. This reliance on BGP has some ramifications. First of all, BGP is very complex and hard to maste...

show abstract

Section: Related Workmentioning

confidence: 99%

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Hameed

Khan

2018

Future Internet

View full text Add to dashboard Cite

show abstract

“…Complementarily, Scott et al [22] investigate possible new security issues introduced through SDN and identify the affected layers. Focusing on network security approaches using SDN capabilities, François et al [10] reviews recent research efforts and provides a qualitative comparison, complementary to our analytical and empirical evaluation. Furthermore, existing work has been focusing on more specific attacks and their mitigation.…”

Section: Related Workmentioning

confidence: 99%

Analysis and Evaluation of OpenFlow Message Usage for Security Applications

Seeber

Rodosek

Hurel

et al. 2016

Management and Security in the Age of Hyperconnectivity

View full text Add to dashboard Cite

“…Besides this Scott et al [16] investigated possible new security issues introduced through SDN and identified affected layers. François et al [11] reviewed SDN security approaches according to their scope, practicability and advantages.…”

Section: Related Workmentioning

confidence: 99%

Towards an Adaptive and Effective IDS Using OpenFlow

Seeber

Rodosek

2015

Intelligent Mechanisms for Network Configuration and Security

View full text Add to dashboard Cite

Abstract. Processing huge amounts of traffic from core network components with respect to security remains a challenging task, since the amounts of data increase continuously. Therefore, new approaches need to be investigated to detect and handle attacks already in high-speed environments. In this PhD research, we will develop a new approach for detecting network attacks by processing data from core network components taking advantage of properties of OpenFlow in an SDN environment. Using this, we can collect metadata about forwarded traffic in an immediate and effective way. In addition, our solution will enable dynamic and adaptive redirection of traffic to various IDSs including cloud-based IDS solutions.

show abstract

Network security through software defined networking

Cited by 19 publications

References 23 publications

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Analysis and Evaluation of OpenFlow Message Usage for Security Applications

Towards an Adaptive and Effective IDS Using OpenFlow

Contact Info

Product

Resources

About