Defending against Packet-In messages flooding attack under SDN context

Published: 01 October 2018

Abstract

Software-defined networking (SDN) is the key outcome of extensive research efforts over the past few decades toward transforming the Internet into a more programmable, configurable, and manageable infrastructure. At the same time, SDN will surely become a new target of cyber attackers. In this paper, we point out one of the critical vulnerabilities in SDNs, the capacity of the controller, which is most likely to be attacked. Because management is logically centralized, the breakdown of a controller may disrupt a whole SDN network, and such a breakdown can easily be caused by a Packet-In messages flooding attack (a network-level DDoS attack). To provide a robust environment in SDN, we propose an effective detection method that has low overhead and high accuracy. We first classify the switches that are potentially compromised using a Bayesian Network, which is a supervised learning algorithm. Then, we deploy anomaly detection based on fuzzy c-means on the vulnerable switches to detect the Packet-In messages flooding attack. Extensive simulations and testbed-based experiments show that the proposed solution can defeat the Packet-In messages flooding attack with low overhead and high accuracy.

Published In

Soft Computing - A Fusion of Foundations, Methodologies and Applications, Volume 22, Issue 20
October 2018
331 pages
ISSN:1432-7643
EISSN:1433-7479

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. Detection method
  2. High accuracy
  3. Low overhead
  4. Packet-In messages flooding attack
  5. SDN security

Qualifiers

  • Article

Cited By

  • (2024) When SDN Meets Low-rate Threats: A Survey of Attacks and Countermeasures in Programmable Networks. ACM Computing Surveys 57:4 (1-32). DOI: 10.1145/3704434. Online publication date: 30-Nov-2024
  • (2024) DDOS attack detection in SDN. Computers and Security 139:C. DOI: 10.1016/j.cose.2023.103652. Online publication date: 16-May-2024
  • (2024) Suppression of Malicious Code Propagation in Software-Defined Networking. Wireless Personal Communications: An International Journal 135:1 (493-516). DOI: 10.1007/s11277-024-11065-8. Online publication date: 1-Mar-2024
  • (2022) TD-RA policy-enforcement framework for an SDN-based IoT architecture. Journal of Network and Computer Applications 204:C. DOI: 10.1016/j.jnca.2022.103390. Online publication date: 1-Aug-2022
  • (2021) Detecting Network Attacks on Software Configured Networks Using the Isolating Forest Algorithm. Automatic Control and Computer Sciences 55:8 (1039-1050). DOI: 10.3103/S0146411621080307. Online publication date: 1-Dec-2021
  • (2021) Towards DDoS detection mechanisms in Software-Defined Networking. Journal of Network and Computer Applications 190:C. DOI: 10.1016/j.jnca.2021.103156. Online publication date: 15-Sep-2021
  • (2021) ADVICE. Journal of Information Security and Applications 63:C. DOI: 10.1016/j.jisa.2021.103017. Online publication date: 1-Dec-2021
  • (2021) A comprehensive survey of DDoS defense solutions in SDN. Computers and Security 110:C. DOI: 10.1016/j.cose.2021.102423. Online publication date: 1-Nov-2021
  • (2021) A Statistical Model for Early Detection of DDoS Attacks on Random Targets in SDN. Wireless Personal Communications: An International Journal 120:1 (379-400). DOI: 10.1007/s11277-021-08465-5. Online publication date: 1-Sep-2021
  • (2020) Towards fuzzy anomaly detection-based security: a comprehensive review. Fuzzy Optimization and Decision Making 20:1 (1-49). DOI: 10.1007/s10700-020-09332-x. Online publication date: 23-Jul-2020
