Journal ArticleDOI
Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment
Kriti Bhushan,Brij B. Gupta +1 more
Reads0
Chats0
TLDR
This work discusses various essential features of SDN that makes it a suitable networking technology for cloud computing, and proposes a novel flow-table sharing approach to protect the SDN-based cloud from flow table overloading DDoS attacks.Abstract:
In recent time, software defined networking (SDN) has evolved into a new and promising networking paradigm. In the SDN-based cloud, the essential features of SDN, including global view of the whole network, software-based traffic analysis, centralized control over the network, etc. can greatly improve the DDoS attack detection and mitigation capabilities of the cloud. However, integration of SDN in the cloud itself introduces new DDoS attack vulnerabilities. Limited flow-table size is a vulnerability that can be exploited by the adversaries to perform DDoS attacks on the SDN-based cloud. In this paper, we first discuss various essential features of SDN that makes it a suitable networking technology for cloud computing. In addition, we represent the flow table-space of a switch by using a queuing theory based mathematical model. Further, we propose a novel flow-table sharing approach to protect the SDN-based cloud from flow table overloading DDoS attacks. This approach utilizes idle flow-table of other OpenFlow switches in the network to protect the switch’s flow-table from overloading. Our approach increases the resistance of the cloud system against DDoS attacks with minimal involvement of the SDN controller. Thus, it has very low communication overhead. Our claims are well supported by the extensive simulation-based experiments.read more
Citations
More filters
Journal ArticleDOI
Blockchain-based authentication and authorization for smart city applications
TL;DR: In this article, the authors proposed a solution for distributed management of identity and authorization policies by leveraging on the blockchain technology to hold a global view of the security policies within the system, and integrating it in the FIWARE platform.
Journal ArticleDOI
Performance evaluation of Botnet DDoS attack detection using machine learning
Tong Anh Tuan,Hoang Viet Long,Le Hoang Son,Raghvendra Kumar,Ishaani Priyadarshini,Nguyen Thi Kim Son +5 more
TL;DR: Performance of KDD99 dataset has been experimentally shown to be better as compared to the UNBS-NB 15 dataset, which is significant in computer security and other related fields.
Journal ArticleDOI
A Survey on Distributed Denial of Service (DDoS) Attacks in SDN and Cloud Computing Environments
TL;DR: The state of art of the DDoS attacks in SDN and cloud computing scenarios is presented and the research works and open problems in identifying and tackling theDDoS attacks are overviewed.
Journal ArticleDOI
Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions
Jagdeep Singh,Sunny Behal +1 more
TL;DR: This paper systematically reviews around 70 prominent DDoS detection and mitigation mechanisms in SDN networks and deliberates on various open research issues, gaps and challenges in the deployment of a secure SDN-based DDoS defence solution.
Journal ArticleDOI
Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges
Neha Agrawal,Shashikala Tapaswi +1 more
TL;DR: This paper presents a comprehensive taxonomy of all the possible variants of cloud DDoS attacks solutions with detailed insight into the characterization, prevention, detection, and mitigation mechanisms with a detailed discussion on essential performance metrics to evaluate various defense solutions and their behavior in a cloud environment.
References
More filters
ReportDOI
The NIST Definition of Cloud Computing
Peter Mell,Timothy Grance +1 more
TL;DR: This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.
Journal ArticleDOI
OpenFlow: enabling innovation in campus networks
Nick McKeown,Thomas Anderson,Hari Balakrishnan,Guru Parulkar,Larry L. Peterson,Jennifer Rexford,Scott Shenker,Jonathan S. Turner +7 more
TL;DR: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day, based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries.
Journal ArticleDOI
Software-Defined Networking: A Comprehensive Survey
Diego Kreutz,Fernando M. V. Ramos,Paulo Veríssimo,Christian Esteve Rothenberg,Siamak Azodolmolky,Steve Uhlig +5 more
TL;DR: This paper presents an in-depth analysis of the hardware infrastructure, southbound and northbound application programming interfaces (APIs), network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications, and presents the key building blocks of an SDN infrastructure using a bottom-up, layered approach.
Posted Content
Software-Defined Networking: A Comprehensive Survey
Diego Kreutz,Fernando M. V. Ramos,Paulo Veríssimo,Christian Esteve Rothenberg,Siamak Azodolmolky,Steve Uhlig +5 more
TL;DR: Software-Defined Networking (SDN) as discussed by the authors is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network.
Proceedings ArticleDOI
DevoFlow: scaling flow management for high-performance networks
Andrew R. Curtis,Jeffrey C. Mogul,Jean Tourrilhes,Praveen Yalagandula,Puneet Sharma,Sujata Banerjee +5 more
TL;DR: DevoFlow is designed and evaluated, a modification of the OpenFlow model which gently breaks the coupling between control and global visibility, in a way that maintains a useful amount of visibility without imposing unnecessary costs.
Related Papers (5)
Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework
Aakanksha Tewari,Brij B. Gupta +1 more
Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a Cloud computing environment
Brij B. Gupta,Omkar P. Badve +1 more