OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

Han, Biao; Yang, Xiangrui; Sun, Zhigang; Huang, Jinfeng; Su, Jinshu

doi:10.1155/2018/9649643

Cited by 62 publications

(32 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The third stage is a recovery stage in which the methods are to implement in the victim server to serve its user or to recover from the attacks. Several methods including migration [23] and backup resources [24] are suggested by a few researchers. But at this stage, implementation of any method leads to an overhead of reserved resources and costs to the victim server.…”

Section: Challenge Responsementioning

confidence: 99%

A new framework to alleviate DDoS vulnerabilities in cloud computing

Saravanan¹,

Bama²,

Kadry

et al. 2019

IJECE

View full text Add to dashboard Cite

In the communication age, the Internet has growing very fast and most industries rely on it. An essential part of Internet, Web applications like online booking, e-banking, online shopping, and e-learning plays a vital role in everyday life. Enhancements have been made in this domain, in which the web servers depend on cloud location for resources. Many organizations around the world change their operations and data storage from local to cloud platforms for many reasons especially the availability factor. Even though cloud computing is considered a renowned technology, it has many challenges, the most important one is security. One of the major issue in the cloud security is Distributed Denial of Service attack (DDoS), which results in serious loss if the attack is successful and left unnoticed. This paper focuses on preventing and detecting DDoS attacks in distributed and cloud environment. A new framework has been suggested to alleviate the DDoS attack and to provide availability of cloud resources to its users. The framework introduces three screening tests VISUALCOM, IMGCOM, and AD-IMGCOM to prevent the attack and two queues with certain constraints to detect the attack. The result of our framework shows an improvement and better outcomes and provides a recovered from attack detection with high availability rate. Also, the performance of the queuing model has been analysed.

show abstract

Section: Challenge Responsementioning

confidence: 99%

A new framework to alleviate DDoS vulnerabilities in cloud computing

Saravanan¹,

Bama²,

Kadry

et al. 2019

IJECE

View full text Add to dashboard Cite

show abstract

“…Reference improvement overwatch 13 Though their defense actuators are deployed in the data plane, their forwarding latency has higher latency compared to our datapath, due to optimization with DPDK and kernel memory mapped Netfilter model. Their primary attack classifier algorithm runs on the control plane only and hence prone to control plane saturation and overload.…”

Section: Table 3 Comparison With Selected Workmentioning

confidence: 99%

“…On the other hand, being very suitable for the modern high‐bandwidth applications, SDN will increasingly replace conventional networking in the near future, and then it will rapidly become the main diffusion field for botnets. In recent years, there has been active research in SDN, NFV, and their applications for network security …”

Section: Introductionmentioning

confidence: 99%

“…In recent years, there has been active research in SDN, NFV, and their applications for network security. [7][8][9][10][11][12][13][14] In the SDN paradigm, due to the global view, DDoS attacks can be detected and defeated in early stages. However, existing approaches that build DDoS attack defense applications upon the SDN control plane are challenging to provide high defense performance.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SDN/NFV security framework for fog‐to‐things computing infrastructure

2019

View full text Add to dashboard Cite

Summary Currently, core networking architectures are facing disruptive developments, due to emergence of paradigms such as Software‐Defined‐Networking (SDN) for control, Network Function Virtualization (NFV) for services, and so on. These are the key enabling technologies for future applications in 5G and locality‐based Internet of things (IoT)/wireless sensor network services. The proliferation of IoT devices at the Edge networks is driving the growth of all‐connected world of Internet traffic. In the Cloud‐to‐Things continuum, processing of information and data at the Edge mandates development of security best practices to arise within a fog computing environment. Service providers are transforming their business using NFV‐based services and SDN‐enabled networks. The SDN paradigm offers an easily programmable model, global view, and control for modern networks, which demand faster response to security incidents and dynamically enforce countermeasures to intrusions and cyberattacks. This article proposes an autonomic multilayer security framework called Distributed Threat Analytics and Response System (DTARS) for a converged architecture of Fog/Edge computing and SDN infrastructures, for emerging applications in IoT and 5G networks. The major detection scheme is deployed within the data plane, consisting of a coarse‐grained behavioral, anti‐spoofing, flow monitoring and fine‐grained traffic multi‐feature entropy‐based algorithms. We developed exemplary defense applications under DTARS framework, on a malware testbed imitating the real‐life DDoS/botnets such as Mirai. The experiments and analysis show that DTARS is capable of detecting attacks in real‐time with accuracy more than 95% under attack intensities up to 50 000 packets/s. The benign traffic forwarding rate remains unaffected with DTARS, while it drops down to 65% with traditional NIDS for advanced DDoS attacks. Further, DTARS achieves this performance without incurring additional latency due to data plane overhead.

show abstract

“…An et al [24] propose a new scheme based on the analysis of the network status in the edge by gathering metrics to extract characteristics and security information of the fog computing infrastructure using Semisupervised Extreme Learning Machines (SS-ELM) algorithm. Hang et al [25] proposed a solution called Overwatch that provided a solution to Distributed Denial of Services (DDoS) attacks. Authors developed a collaborative DDoS attack detection mechanism, which consists in a flow monitoring algorithm on the data plane processing the coarse-grained flows and a fine-grained machine learning classification algorithm on the control plane.…”

Section: Related Workmentioning

confidence: 99%

NFVMon: Enabling Multioperator Flow Monitoring in 5G Mobile Edge Computing

Chirivella‐Perez

Aguado

Calero

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

With the advances of new-generation wireless and mobile communication systems such as the fifth-generation (5G) mobile networks and Internet of Things (IoT) networks, demanding applications such as Ultra-High-Definition video applications is becoming ever popular. These applications require real-time monitoring and processing to meet the mission-critical quality of service requirements and are expected to be supported by the emerging fog or edge computing paradigms. This paper presents NFVMon, a novel monitoring architecture to enable flow monitoring capabilities of network traffic in a 5G multioperator mobile edge computing environment. The proposed NFVMon is integrated with the management plane of the Cloud Computing. NFVMon has been prototyped and a reference implementation is presented. It provides novel capabilities to provide disaggregated metrics related to the different 5G mobile operators sharing infrastructures and also about the different 5G subscribers of each of such mobile operators. Extensive experiments for evaluating the performance of the system have been conducted on a mid-sized infrastructure testbed.

show abstract

OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

Cited by 62 publications

References 27 publications

A new framework to alleviate DDoS vulnerabilities in cloud computing

A new framework to alleviate DDoS vulnerabilities in cloud computing

SDN/NFV security framework for fog‐to‐things computing infrastructure

NFVMon: Enabling Multioperator Flow Monitoring in 5G Mobile Edge Computing

Contact Info

Product

Resources

About