Journal Article
Toward secure software-defined networks against distributed denial of service attack
TL;DR: An information distance-based flow discriminator framework is discussed, which can discriminate DDoS traffic during flash events (similar-looking legitimate traffic) in an SDN environment and can detect the traffic at the edge switch so that the attack alert can be raised as early as possible.
Abstract:
The newly emerged software-defined networking (SDN) paradigm provides flexible network management by decoupling the network control logic from the data plane, which could effectively resolve many security issues of legacy networks. One such security issue is the distributed denial of service (DDoS) attack, which is a rapidly growing network threat. It is usually performed on a target system to make an online service unavailable to its users. SDN can easily detect the DDoS attack due to the centralized control provisioning and network visibility. At the same time, the changes to the fundamental architecture and the development of various design entities pose a severe DDoS threat to the SDN platform. This paper presents a concise, up-to-date review of the security concerns of SDN, possible DDoS attacks in individual layers of SDN, and ongoing research efforts on SDN-enabled DDoS detection solutions. Based on the findings, an information distance-based flow discriminator framework is discussed, which can discriminate DDoS traffic during flash events (similar-looking legitimate traffic) in an SDN environment. The information distance metric is used to describe the variations in traffic behavior of such events. The simulation results show that the information distance metric can effectively identify DDoS traffic, with a higher detection rate than other metrics. The proposed solution can detect the traffic at the edge switch so that the attack alert can be raised as early as possible.
Citations
Journal Article
An Evolutionary SVM Model for DDOS Attack Detection in Software Defined Networks
Kshira Sagar Sahoo, Bata Krishna Tripathy, Kshirasagar Naik, Somula Ramasubbareddy, Balamurugan Balusamy, Manju Khari, Daniel Burgos
TL;DR: The experimental results show that compared to single-SVM, the proposed model achieves more accurate classification with better generalization, and can be embedded within the controller to define security rules to prevent possible attacks by the attackers.
Journal Article
A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks
Shahzeb Haider, Adnan Akhunzada, Iqra Mustafa, Tanil Bharat Patel, Amanda Fernandez, Kim-Kwang Raymond Choo, Javed Iqbal
TL;DR: A deep convolutional neural network (CNN) ensemble framework for efficient DDoS attack detection in SDNs is proposed and is evaluated on a current state-of-the-art Flow-based dataset under established benchmarks.
Journal Article
Software-Defined Cloud Computing: A Systematic Review on Latest Trends and Developments
Aaqif Afzaal Abbasi, Almas Abbasi, Shahaboddin Shamshirband, Anthony T. Chronopoulos, Valerio Persico, Antonio Pescape
TL;DR: A survey on software-defined cloud computing, which introduces SDCC environments and explains its main architectural components, and identifies the essential contributions of various developments to this field and discusses the implementation challenges and limitations faced in their adoption.
Journal Article
Vulnerability retrospection of security solutions for software-defined Cyber–Physical System against DDoS and IoT-DDoS attacks
Manish Snehi, Abhinav Bhandari
TL;DR: A comprehensive survey on vulnerability analysis of security solutions for Software-defined Cyber–Physical System is presented, which recommends amalgamation of Fog Computing as one of the architectural layers for overcoming a number of vulnerabilities.
SDNShield: Towards more comprehensive defense against DDoS attacks on SDN control plane
TL;DR: SDNShield deploys specialized software boxes to improve the scalability of ingress SDN switches to accommodate control plane workload surges, and further incorporates a two-stage filtering scheme to protect the centralized controller.
References
Journal Article
A taxonomy of DDoS attack and DDoS defense mechanisms
Jelena Mirkovic, Peter Reiher
TL;DR: This paper presents two taxonomies for classifying attacks and defenses in distributed denial-of-service (DDoS) and provides researchers with a better understanding of the problem and the current solution space.
Journal Article
A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks
TL;DR: The primary intention for this work is to stimulate the research community into developing creative, effective, efficient, and comprehensive prevention, detection, and response mechanisms that address the DDoS flooding problem before, during and after an actual attack.
Proceedings Article
ONOS: towards an open, distributed SDN OS
Pankaj Vishwanath Berde, Matteo Gerola, Jonathan Hart, Yuta Higuchi, Masayoshi Kobayashi, Toshio Koide, Bob Lantz, Brian O'Connor, Pavlin Radoslavov, William Snow, Guru Parulkar
TL;DR: This work identifies additional steps that will be required for ONOS to support use cases such as core network traffic engineering and scheduling, and to become a usable open source, distributed network OS platform that the SDN community can build upon.
Journal Article
A Survey on Software-Defined Networking
TL;DR: A generally accepted definition for SDN is presented, including decoupling the control plane from the data plane and providing programmability for network application development, and its three-layer architecture is discussed, including an infrastructure layer, a control layer, and an application layer.
Journal Article
Frenetic: a network programming language
Nate Foster, Rob Harrison, Michael J. Freedman, Christopher Monsanto, Jennifer Rexford, Alec Story, David Walker
TL;DR: Frenetic provides a declarative query language for classifying and aggregating network traffic as well as a functional reactive combinator library for describing high-level packet-forwarding policies, which facilitates modular reasoning and enables code reuse.