Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)

A virtual network is a computer network which does not contain any physical link between two computational nodes instead they connect through the virtual links. In recent years the virtual network is managed by Software Defined Network (SDN). SDN is one of the most emerging network technologies in the current trends. Most of the companies configure their networks in SDN. It has been found important to understand the security issues that are being raised in any large scale developments from any new technologies that have been raised in recent years. Though the system acquires lot of benefits from SDN the system have to do some little work in security phase. This work confers four kinds of Denial-of-Service (DoS) attacks that are specific to networks in the OpenFlow SDN in different layers. Those attacks are Ping of Death, HTTP Unbearable Load King, SYN flood and Smurf attack. We introduced these attacks in SDN. These have been emulated on Mininet and an analysis is provided that was obtained on the consequence of these attacks. The DoS attack that is more severe than others has been found out and a suitable prevention techniques for that DoS attack is suggested.

show abstract

“…(1). The Bandwidth Exhaustion [18] of the DoS attack is the exhaustion of the bandwidth that occurs during the attack of an intruder.…”

Section: Performance Analysismentioning

confidence: 99%

“…The field of cloud computing [1,2,4] has expanded in a wide range with a speedy acceptance for the few years. It has been so as company sought more well-organized and operative ways in exploiting its IT investment.…”

Section: Cloud Computingmentioning

confidence: 99%

Impact of DoS Attack in Software Defined Network for Virtual Network

Ramachandran¹,

Shanmugam

2016

Wireless Pers Commun

View full text Add to dashboard Cite

show abstract

“…Furthermore, the study of IDS has been an important aspect of network security. There have been numerous developments of IDS solutions to deter malicious traffic [7,8,14,15,30,33,37,42], but they heavily rely on user-space detection.…”

Section: Related Workmentioning

confidence: 99%

Kernel-Space Intrusion Detection Using Software-Deﬁned Networking

Chin¹,

Xiong²,

Rahouti³

2018

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Software-Defined Networking (SDN) has encountered serious Denial of Service (DoS) attacks. However, existing approaches cannot sufficiently address the serious attacks in the real world because they often present significant overhead and they require long detection and mitigation time. In this paper, we propose a lightweight kernel-level intrusion detection and prevention framework called KernelDetect, which leverages modular string searching and filtering mechanisms with SDN techniques. In KernelDetect, we sufficiently utilize the strengths of the Aho-Corasick and Bloom filter to design KernelDetect by using SDN. We further experimentally compare it with SNORT and BROS, two conventional and popular Intrusion Detection and Prevention System (IDPS) on the Global Environment for Networking Innovations (GENI), a real-world testbed. Our comprehensive studies through experimental data and analysis show that KernelDetect is more efficient and effective than SNORT and BROS.

show abstract

“…Furthermore, existing proposals leverage either a centralized IDS, ie, a single IDS that analyzes the traffic of the whole network, or a distributed IDS where multiple IDSs are spread across the network and sending alerts to a centralized server for further analysis. () In this work, we focus on proposals that use a single IDS to analyze the traffic of the whole network and the solutions they proposed to reduce the amount of inspected traffic. For instance, Androulidakis et al proposed to analyze only small flows, as they assume that small flows are predominant in malicious traffic.…”

Section: Related Workmentioning

confidence: 99%

A holistic approach to mitigating DoS attacks in SDN networks

Dridi

Zhani

2017

Int J Network Mgmt

View full text Add to dashboard Cite

SummarySoftware-defined networking (SDN) has recently emerged as a new networking technology offering an unprecedented programmability that allows network operators to dynamically manage their infrastructures. However, despite these benefits, deny-of-service (DoS) attacks are considered a major threat to such networks, as they can easily overload the SDN controller and flood switch forwarding tables, resulting in a critical degradation of the network performance. To address this issue, we propose SDN-Guard, a novel holistic approach to protect SDN networks against DoS attacks. Software-defined networking-Guard leverages an intrusion detection system (IDS) to detect potential DoS attacks and then efficiently mitigate their impact by dynamically (1) rerouting malicious traffic, (2) adjusting flow time-outs, and (3) aggregating flow rules. This paper extends our previous work by proposing solutions to minimize the switch-to-IDS traffic without impacting the IDS accuracy. We hence propose to use sampling techniques and devise an integer linear program to find the optimal placement for the IDS and to determine the switches that should mirror the flows towards it so as to minimize network bandwidth consumption. Extensive experiments using Mininet show that SDN-Guard maintains network performance during DoS attacks and succeeds in reducing by up to 32% their impact on controller performance, usage of switch forwarding tables, and control plane bandwidth. Furthermore, our results show that carefully placing the IDS and selecting the switches mirroring, the traffic can reduce by up to 90% the switch-to-IDS traffic. They also show that the IDS accuracy remains at 100% by analyzing only 11% of the network traffic.

show abstract

Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking (SDN)

Cited by 67 publications

References 6 publications

Impact of DoS Attack in Software Defined Network for Virtual Network

Impact of DoS Attack in Software Defined Network for Virtual Network

Kernel-Space Intrusion Detection Using Software-Deﬁned Networking

A holistic approach to mitigating DoS attacks in SDN networks

Contact Info

Product

Resources

About