SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks

Lukaseder, Thomas; Maile, Lisa; Erb, Benjamin; Kargl, Frank

doi:10.1007/978-3-030-01704-0_6

Cited by 25 publications

(22 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The design goal of our system is the ease of deployment in a given software-defined network with low overhead and without changing the network topology. We base our system on our prior work introduced in 2017 [8] and extended in 2018 [9]. Two components are required to implement this…”

Section: Methodsmentioning

confidence: 99%

An SDN-based Approach For Defending Against Reflective DDoS Attacks

Lukaseder

Stölzle

Kleber

et al. 2018

2018 IEEE 43rd Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks.

show abstract

Section: Methodsmentioning

confidence: 99%

An SDN-based Approach For Defending Against Reflective DDoS Attacks

Lukaseder

Stölzle

Kleber

et al. 2018

2018 IEEE 43rd Conference on Local Computer Networks (LCN)

Self Cite

View full text Add to dashboard Cite

show abstract

“…During the attack, attackers may exhibit an ON-OFF attack pattern which comprises consecutive periods of inactivity (called offtime) and activity (called on-time). Once a stealthy DoS attack has seized all memory space for active connections in a Web server, the attacker tries to keep these connections open as long as possible by exploiting the characteristics of either a specific protocol (e.g., HTTP, DNS) or the application software (e.g., PHP, SOAP) [7], [8].…”

Section: A Basic Principlementioning

confidence: 99%

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Gias

Islam

Hương

et al. 2019

2019 IEEE Global Communications Conference (GLOBECOM)

View full text Add to dashboard Cite

Software Defined Networking (SDN) enables flexible and scalable network control and management. However, it also introduces new vulnerabilities that can be exploited by attackers. In particular, low-rate and slow or stealthy Denial-of-Service (DoS) attacks are recently attracting attention from researchers because of their detection challenges. In this paper, we propose a novel machine learning based defense framework named Q-MIND, to effectively detect and mitigate stealthy DoS attacks in SDN-based networks. We first analyze the adversary model of stealthy DoS attacks, the related vulnerabilities in SDN-based networks and the key characteristics of stealthy DoS attacks. Next, we describe and analyze an anomaly detection system that uses a Reinforcement Learning-based approach based on Q-Learning in order to maximize its detection performance. Finally we outline the complete Q-MIND defense framework that incorporates the optimal policy derived from the Q-Learning agent to efficiently defeat stealthy DoS attacks in SDN-based networks. An extensive comparison of the Q-MIND framework and currently existing methods shows that significant improvements in attack detection and mitigation performance are obtained by Q-MIND.

show abstract

“…Slow action/attack is ignored in this fast-moving world and creates more vulnerability in all aspects. The more difficult part is to identify legitimate and illegitimate users [22] [23]. For this purpose, T. Lukaseder et.al.…”

Section: Figure 2: Taxonomy Of Ddos Mitigation In Sdnmentioning

confidence: 99%

“…For this purpose, T. Lukaseder et.al. in [22] proposes a framework to mitigate slow DDoS attack by continuously measuring packet rate and its distance. Researchers elaborate all attack possibilities and their possible solutions in a sophisticated manner.…”

Section: Figure 2: Taxonomy Of Ddos Mitigation In Sdnmentioning

confidence: 99%

Detection and Prevention of DDoS attacks on Software Defined Networks Controllers for Smart Grid

Ahmed¹,

Afaqui²,

Humayun³

2019

IJCA

View full text Add to dashboard Cite

With the evolution of smart grid, the operations, planning and maintenance of an electric grid have improved. On the contrary, smart grid totally relies on the computer network so there is a need of complex and efficient network management. Software defined networks (SDN) is a completely new modern architecture that allows the network to be centrally controlled or explicitly programmed using software applications. Traditionally in computer networks, the routing and switching decisions are implemented on a dedicated hardware. This hardware can be a switch or a router. But with the evolution of Software defined networks, the routing and switching function has been separated and is classified in Control and data planes respectively. Generally, in SDN, the control plane is centralized and is responsible to make a decision on what to do with the incoming packet. Once the decision is made, it is saved in the forwarding table of a switch on the data plane. While Software Defined Network (SDN) has its advantages of central management, programmability, agility and vendor neutrality, they carry a high risk of Distributed Denial of Service attack (DDoS). Centralized nature of the control plane in SDN is a huge risk factor because the attacker may bombard the control plane with malicious packets resulting in a single point of failure of the control plane. If the control plane fails, the entire smart grid network will collapse resulting in a massive outage and financial loss to the stakeholders. In this paper, we have devised a distributed approach, using blockchains, to detect and prevent DDoS attacks on the centralized control plane of SDN. We have simulated our approach using AnyLogic simulator and the results show that the proposed approach is more efficient as compared the existing techniques as it substantially reduces the risk of DDoS attacks and SDN controller overhead.

show abstract

SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks

Cited by 25 publications

References 10 publications

An SDN-based Approach For Defending Against Reflective DDoS Attacks

An SDN-based Approach For Defending Against Reflective DDoS Attacks

Q-MIND: Defeating Stealthy DoS Attacks in SDN with a Machine-Learning Based Defense Framework

Detection and Prevention of DDoS attacks on Software Defined Networks Controllers for Smart Grid

Contact Info

Product

Resources

About