Abstract
Software-Defined Networking (SDN) has attracted much attention from research and industrial communities recently as it is more agile and flexible compared to conventional networking technology in offering new network functions and services. By separating the network control functions from the forwarding devices and placing them in a centralized, softwarized and programmable SDN controller, new network functions and services can be easily added into the network in an on-demand manner. However, the centralized control paradigm and the flow-based forwarding principle make the SDN architecture more fragile and vulnerable to malicious actions, such as cyber hijacking or DDoS attacks. In this paper, we focus on analyzing and evaluating negative impacts of DDoS attacks on the SDN architecture. By performing stress tests, the performance of such common SDN controllers as POX, Ryu and Floodlight under DDoS attacks is benchmarked, along with their impacts on the SDN switch and OpenFlow channel. We also address some new threats and vulnerabilities introduced by the nature of SDN.
Data Availability
All data and materials are owned by the authors and/or no permissions are required.
Code Availability
All code is owned by the authors and/or no permissions are required.
Funding
No funding
Author information
Contributions
All authors contributed equally to this work
Ethics declarations
Conflict of interest
I declare that the authors have no competing interests as defined by Springer, or other interests that might be perceived to influence the results and/or discussion reported in this paper.
Ethical Approval
Not applicable
Consent to Participate
Not applicable
Consent for Publication
Not applicable
About this article
Cite this article
Thanh, N.H., Tuan, N.N., Khoa, D.A. et al. On Profiling, Benchmarking and Behavioral Analysis of SDN Architecture Under DDoS Attacks. J Netw Syst Manage 31, 43 (2023). https://doi.org/10.1007/s10922-023-09732-5