Practical extensions to countermeasure DoS attacks in software defined networking

Mohammadi, Reza; Javidan, Reza; Keshtgary, Manijeh; Conti, Mauro; Lal, Chhagan

doi:10.1109/nfv-sdn.2017.8169839

Cited by 8 publications

(13 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [155], the authors address two types of attacks: spoofing route attacks and resource exhaustion attacks. The former deals with a module installed on the OF switch named "selective blocking"; this module extracts information (IP, MAC) when it receives a new request to the network.…”

Section: ) Stateless Data Planementioning

confidence: 99%

A Survey of the Main Security Issues and Solutions for the SDN Architecture

et al. 2021

View full text Add to dashboard Cite

The software-defined networking (SDN) paradigm proposes the decoupling of control and data planes and a centralized software-oriented management approach based on a central controller, easing the development of new applications and services. These design principles pave the way for a more flexible, fast, and dynamic software-controlled network. However, in terms of security, the elements that comprise the SDN architecture present several vulnerabilities, which could be exploited by attackers to carry out malicious actions and thus affect the network and its services. Although for several years, some studies have already focused on identifying the weaknesses of the SDN layer structure, the nature of the attacks, and possible solutions for this paradigm, the literature contains few contributions that review and discuss this topic in an integral fashion. This paper provides a comprehensive, updated, and detailed review of the main security issues and mitigating measures for all layers and interfaces of the SDN architecture, classifying the contributions according to the STRIDE threat modeling methodology categories. Finally, this manuscript identifies, discusses, and synthesizes open challenges and future research directions in this area.

show abstract

Section: ) Stateless Data Planementioning

confidence: 99%

A Survey of the Main Security Issues and Solutions for the SDN Architecture

et al. 2021

View full text Add to dashboard Cite

show abstract

“…In this way, the attackers can quickly halt the functionalities of the OF-switches, ie, cripple the network services by mounting distributed denial of service (DDoS) attack. 34 Furthermore, enhancing the controller's intelligence software may increase its vulnerability and attack surfaces for hackers. Because If attackers have access to the controller, they can damage most of the major aspects of the network and eventually able to shut down the complete network.…”

Section: Opportunities and Research Challengesmentioning

confidence: 99%

“…Later, as a result of the shutdown, all the arriving packets will be discarded by the switch. In this way, the attackers can quickly halt the functionalities of the OF‐switches, ie, cripple the network services by mounting distributed denial of service (DDoS) attack . Furthermore, enhancing the controller's intelligence software may increase its vulnerability and attack surfaces for hackers.…”

Section: Opportunities and Research Challengesmentioning

confidence: 99%

See 1 more Smart Citation

CENSOR: Cloud‐enabled secure IoT architecture over SDN paradigm

Conti

Kaliyar

Lal

2018

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

The cyber-security threats to low-cost end-user devices could severely undermine the expected deployment of Internet of Thing (IoT) solutions in a range of real-world applications such as environment monitoring, transportation, and manufacturing. Additionally, the huge amount of data generated by these devices posses new challenges concerning tasks such as efficient information acquisition and analysis, decision making, and action implementation. In this paper, we propose CENSOR, a novel cloud-enabled secure IoT network architecture based on SDN paradigm. We discuss the significant benefits as well as challenges that are inherent while performing integration of SDN and IoT in CENSOR. We show that the emerging software-based networking features combined with the cloud computing solutions can significantly improve the security and communication reliability in the target IoT scenarios. In particular, to provide the adequate security measures in the network, CENSOR uses a lightweight and scalable software remote attestation scheme, which ensures the integrity of the software that is being executed by the IoT devices to achieve the application specific goals in the network. We further discuss the improvements in data communication and data overhead that can be achieved in CENSOR due to its convergence with the cloud computing (at back-end) and fog computing services (at edge routers or front-end). A Smart City use-case has been considered as a target IoT scenario to analyze the feasibility and effectiveness of CENSOR concerning the communication security and the network scalability parameters. Additionally, we provide future research directions along with the recent industry initiatives that include open issues in the integration and deployment of cloud-enabled SDN-based IoT networks. KEYWORDScloud computing, internet of things, remote attestation, security, software defined networks INTRODUCTIONWith the advancements in the hardware and the functionalities of smart-devices, a vast array of smart applications are being deployed to create an Internet of Things (IoT) ecosystem. As millions of devices are connecting every day to the Internet, securing and managing such exponentially growing networks is becoming a challenge for network managers. In this context, the Software Defined Networking (SDN), 1 a new networking paradigm, introduces features such as ubiquitous accessibility, dynamic resource management, robust open programmable interfaces, and logically centralized control, to overcome various management and security issues in future generation networks such as Information Centric Networking (ICN) 2 and 5G. SDN separates the control plane and the data plane. The network intelligence and state are logically centralized (by using distributed controllers), and the underlying network infrastructure is abstracted from applications, hence it enables support for heterogeneous device communication. SDN design helps in enhancing network security through global visibility of the network state where the logically centralized c...

show abstract

“…Software-defined networking (SDN) is a network architecture approach that adopted software applications to centrally and intelligently control the network. [1][2][3] This helps operators to efficiently manage the entire network regardless of the underlying network technology. 4 SDN architecture allows the network to be centrally controlled or explicitly programmed using software applications by decoupling the control plane and data plane of the network.…”

Section: Introductionmentioning

confidence: 99%

Throttle: An efficient approach to mitigate distributed denial of service attacks on software‐defined networks

Olakanmi

Odeyemi

2021

Security and Privacy

View full text Add to dashboard Cite

Recently, different approaches such as statistical methods, genetic algorithm, hidden Markov, fuzzy logic, and blockchain have been adopted to detect and prevent distributed denial of services (DDoS) on software-defined networks. However, most of these methods are not only complex but are also not adaptive, therefore adversaries with high computational resources can successfully launch DDoS attacks. In this work, we propose a security scheme capable of detecting DDoS attacks and throttling down traffics coming from the suspected hosts irrespective of their computational power. To achieve this, we develop three essential models for the scheme for predicting the volume of traffics from different hosts, determining the processing load of the network, and throttling down traffics from the suspicious hosts. We also develop a time tracking digital signature for determining the traffic pattern and sources of traffics. The simulation results show that the scheme is adaptive, efficient, and capable of detecting identity theft and resource exhaustion-based DDoS attacks without denying services to a legitimate host.

show abstract

Practical extensions to countermeasure DoS attacks in software defined networking

Cited by 8 publications

References 10 publications

A Survey of the Main Security Issues and Solutions for the SDN Architecture

A Survey of the Main Security Issues and Solutions for the SDN Architecture

CENSOR: Cloud‐enabled secure IoT architecture over SDN paradigm

Throttle: An efficient approach to mitigate distributed denial of service attacks on software‐defined networks

Contact Info

Product

Resources

About