Detection and Mitigation of DoS and DDoS Attacks in IoT-Based Stateful SDN: An Experimental Approach

The expected advent of the Internet of Things (IoT), which envisions the autonomous interaction of sensors and actuators while offering all sorts of smart services, has triggered a large demand for embedded devices. However, these IoT devices are limited in computation, storage, and network capacity, which makes them easy to hack and compromise. To achieve the secure development of the IoT, it is necessary to engineer scalable security solutions optimized for the IoT ecosystem. To this end, Software Defined Networking (SDN) is a promising paradigm that serves as a pillar in the fifth generation of mobile systems (5G) and could help to detect and mitigate Denial of Service (DoS) and Distributed DoS (DDoS) threats. In this work, we propose to experimentally evaluate an entropy-based solution to detect and mitigate DoS and DDoS attacks in IoT scenarios using a stateful SDN data plane. The obtained results demonstrate for the first time the effectiveness of this technique targeting real IoT data traffic.
