DoSSec: A Reputation-Based DoS Mitigation Mechanism on SDN

  • Conference paper
Advanced Information Networking and Applications (AINA 2021)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 226)

Abstract

Denial-of-service (DoS) attacks bring many challenges in software-defined networks (SDN), mainly due to the vulnerabilities present in the communication between the control and data planes. Mitigation mechanisms have been proposed to alleviate these problems, with the side effect of blocking legitimate flows. This work presents a DoS attack mitigation mechanism, named DoSSec, which encompasses a flow-based reputation strategy to improve detection of spurious traffic. The results show that DoSSec is able to prioritize and preserve an average of 95% of legitimate traffic compared to state-of-the-art solutions, reducing impacts caused by SYN flood DoS attacks.

Acknowledgements

This work is partially supported by the MCTIC/RNP/CTIC (Brazil) through the project P4Sec.

Author information

Corresponding author

Correspondence to Ranyelson N. Carvalho.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Carvalho, R.N., Costa, L.R., Bordim, J.L., Alchieri, E. (2021). DoSSec: A Reputation-Based DoS Mitigation Mechanism on SDN. In: Barolli, L., Woungang, I., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2021. Lecture Notes in Networks and Systems, vol 226. Springer, Cham. https://doi.org/10.1007/978-3-030-75075-6_62
