Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

DoSSec: A Reputation-Based DoS Mitigation Mechanism on SDN

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2021)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 226))

Abstract

Denial-of-service (DoS) attacks bring many challenges in software-defined networks (SDN), mainly due to the vulnerabilities present in the communication between the control and data planes. Mitigation mechanisms have been proposed to alleviate these problems with the side effect of blocking legitimate flows. This work presents a DoS attack mitigation mechanism, named DoSSec, which encompasses a flow-based reputation strategy to improve detection of spurious traffic. The results show that DoSSec is able to prioritize and preserve an average of \(95\%\) legitimate traffic compared to state-of-the-art solutions, reducing impacts caused by SYN flood DoS attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Ambrosin, M., Conti, M., Gaspari, F.D., Poovendran, R.: LineSwitch: tackling control plane saturation attacks in SDN. IEEE/ACM Trans. Networking 25 (2017)

    Google Scholar 

  2. Beitollahi, H., Deconinck, G.: Analyzing well-known countermeasures against distributed denial of service attacks. Comput. Commun. 35(11), 1312–1332 (2012)

    Article  Google Scholar 

  3. Bera, P., Saha, A., Setua, S.K.: DoS in SDN. In: 5th International CCSNT, pp. 497–501, December 2016

    Google Scholar 

  4. Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., Walker, D.: P4: programming protocol-independent packet processors. SIGCOMM Rev. 44(3), 87–95 (2014)

    Article  Google Scholar 

  5. Carvalho, R.N., Costa, L.R., Bordim, J.L., Alchieri, E.A.P.: New programmable data plane architecture based on P4 OpenFlow agent. In: Barolli, L., Amato, F., Moscato, F., Enokido, T., Takizawa, M. (eds.) AINA. pp, pp. 1355–1367. Springer, Cham (2020)

    Google Scholar 

  6. Dridi, L., Zhani, M.F.: SDN-guard: DoS attacks mitigation in SDN networks. In: 5th International Conference Cloudnet, pp. 212–217, October 2016

    Google Scholar 

  7. Fichera, S., Galluccio, L., Grancagnolo, S.C., Morabito, G.: OPERETTA: an OPEnFlow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers. Comput. Netw. 92, 89–100 (2015)

    Article  Google Scholar 

  8. Imran, M., Durad, H., Khan, F., Derhab, A.: Toward an optimal solution against DoS attacks in software defined networks. Future Gener. Comput. Syst. 92, 09 (2018)

    Google Scholar 

  9. Kalkan, K., Gür, G., Alagöz, F.: SDNScore: a statistical defense mechanism against DDoS attacks in SDN environment. In 2017 ISCC, pp. 669–675 (2017)

    Google Scholar 

  10. Kuerban, M., Tian, Y., Yang, Q., Jia, Y., Huebert, B.: FlowSec: DoS attack mitigation strategy on SDN controller. In: International CNAS, pp. 1–2, August 2016

    Google Scholar 

  11. Kumar, P., Tripathi, M., Nehra, A., Conti, M., Lal, C.: Safety: early detection and mitigation of TCP SYN flood utilizing entropy in SDN. IEEE Trans. Netw. Serv. Manag. (2018)

    Google Scholar 

  12. Lapolli, A.C., Marques, J.A., Gaspary, L.P.: Offloading real-time DDoS attack detection to programmable data planes. In: IFIP International Symposium on Integrated Network Management (2019)

    Google Scholar 

  13. Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: DDoS attacks, vol. 3, pp. 2275–2280, February 2000

    Google Scholar 

  14. Mohammadi, R., Javidan, R., Conti, M.: SLICOTS: an SDN-based lightweight countermeasure for SYN flooding attacks. IEEE Trans. Netw. Serv. Manag. 14, 487–497 (2017)

    Article  Google Scholar 

  15. Niemiec, M., Jaglarz, P., Jekot, M., Chołda, P., Boryło, P.: Risk assessment approach to secure northbound interface of SDN networks. In: 2019 ICNC, pp. 164–169 (2019)

    Google Scholar 

  16. Nugraha, M., Paramita, I., Choi, D., Cho, B.: Utilizing OpenFlow and sFlow to detect and mitigate SYN flooding attack. J. Korea Multimedia Soc. 8(8) (2014)

    Google Scholar 

  17. Shin, S., Yegneswaran, V., Porras, P., Gu, G.: AVANT-GUARD: scalable and vigilant switch flow management in SDN. In: ACM SIGSAC Conference on Computer, pp. 413–424 (2013)

    Google Scholar 

  18. Sviridov, G., Bonola, M., Giaccone, P., Bianchi, G.: LODGE: LOcal Decisions on Global statEs in progrananaable data planes. In: 4th CNSW, pp. 257–261 (2018)

    Google Scholar 

  19. Wang, Y., Liu, Y., Hu, J., Zhang, M., Wang, X.: Reputation and incentive mechanism for SDN applications. In: 14th International CMASN, pp. 152–157 (2018)

    Google Scholar 

Download references

Acknowledgements

This work is partially supported by the MCTIC/RNP/CTIC (Brazil) through the project P4Sec.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ranyelson N. Carvalho .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Carvalho, R.N., Costa, L.R., Bordim, J.L., Alchieri, E. (2021). DoSSec: A Reputation-Based DoS Mitigation Mechanism on SDN. In: Barolli, L., Woungang, I., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2021. Lecture Notes in Networks and Systems, vol 226. Springer, Cham. https://doi.org/10.1007/978-3-030-75075-6_62

Download citation

Publish with us

Policies and ethics