Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

  • Abstract

    Software Defined Network (SDN) is a new network architecture that separates the data plane from the control plane. The SDN controller implements the control plane, and the switches implement the data plane. Many papers discuss DDoS attacks on primary servers in an SDN and how they can be mitigated with the help of the controller. In this paper we show how a DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches so that they send continuous requests to the controller and exhaust its resources. This is a new way, though only one of the possible ways, in which a DDoS attack can be performed on the controller. We show the vulnerability of SDN to this kind of attack. We further propose a solution for mitigating it: a DDoS Detection module that uses the variation in flow entry request traffic from all switches in the network to identify compromised switches and block them completely.
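
An added sketch of the kind of detection module the abstract describes, not the paper's own algorithm: it assumes the controller logs one (timestamp, switch id) record per flow rule request and flags a switch whose per-window request count stays far above the median across all switches. The median/MAD test, the thresholds, the switch ids and the trace are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

SWITCHES = ["s1", "s2", "s3", "s4", "s5"]  # constructed switch ids

def detect_compromised(events, switches, window=1.0, k=6.0, floor=20, persist=3):
    """events: (timestamp_s, switch_id) per flow rule request seen by the
    controller (PACKET_IN in OpenFlow). Returns the switch ids to block."""
    per_window = defaultdict(Counter)
    for ts, sw in events:
        per_window[int(ts // window)][sw] += 1
    if not per_window:
        return set()
    streak, blocked = Counter(), set()
    for w in range(min(per_window), max(per_window) + 1):
        # Median/MAD over the switches still admitted: the baseline stays
        # robust while fewer than half of them are compromised.
        counts = {s: per_window[w][s] for s in switches if s not in blocked}
        if not counts:
            break
        med = median(counts.values())
        mad = median(abs(c - med) for c in counts.values())
        limit = max(floor, med + k * max(mad, 1.0))
        for sw, c in counts.items():
            # Require `persist` consecutive windows so short bursts pass.
            streak[sw] = streak[sw] + 1 if c > limit else 0
            if streak[sw] >= persist:
                blocked.add(sw)
    return blocked

def trace(rate_fn, seconds=6):
    """Constructed trace: rate_fn(switch, second) -> requests in that second."""
    return [(sec + i / n, sw) for sec in range(seconds) for sw in SWITCHES
            for n in [rate_fn(sw, sec)] for i in range(n)]

if __name__ == "__main__":
    # s3 floods the controller from t=2 onward; the others stay at 5 req/s.
    attack = trace(lambda sw, sec: 200 if sw == "s3" and sec >= 2 else 5)
    print(detect_compromised(attack, SWITCHES))
```

Because the limit is relative to the median of all switches, a network-wide rise in legitimate flow setups raises the baseline instead of flagging every switch.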

  • Keywords

    Controller; DDoS; flow table; hard timeout; idle timeout; SDN.





Article ID: 10065
DOI: 10.14419/ijet.v7i2.6.10065

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.