On Denial of Service Attacks in Software Defined Networks

Software defined networking (SDN) greatly simplifies network management by decoupling control functions from the network data plane. However, this decoupling also opens SDN to various denial of service (DoS) attacks: an adversary can easily exhaust network resources by flooding the network with short-lived spoofed flows. To address this issue, we present a comprehensive study of DoS attacks in SDN and propose multi-layer fair queueing (MLFQ), a simple but effective DoS mitigation method. MLFQ enforces fair sharing of an SDN controller's resources with multiple layers of queues, which can dynamically expand and aggregate according to controller load. Both testbed-based and emulation-based experiments demonstrate the effectiveness of MLFQ in mitigating DoS attacks targeted at SDN controllers.
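An added sketch of the layered fair-queueing idea the abstract describes, not the paper's MLFQ algorithm or code: the class name, the per-switch then per-port layering, the `expand_at` threshold and the merge-when-drained rule are assumptions chosen for illustration. It shows how expanding an overloaded queue confines a flooding port to its own share of controller service.

```python
from collections import OrderedDict, deque

class LayeredFairQueue:
    """Sketch: round-robin over per-switch queues; a switch queue that grows
    past `expand_at` splits into per-port queues and merges back once drained.
    The (switch, port) layering and the thresholds are assumptions."""

    def __init__(self, expand_at=4):
        self.expand_at = expand_at
        # switch -> deque (aggregated) or OrderedDict port -> deque (expanded)
        self.switches = OrderedDict()

    def enqueue(self, switch, port, request):
        q = self.switches.setdefault(switch, deque())
        if not isinstance(q, deque):              # already expanded
            q.setdefault(port, deque()).append((port, request))
            return
        q.append((port, request))
        if len(q) > self.expand_at:               # overloaded: expand a layer
            ports = OrderedDict()
            for p, r in q:
                ports.setdefault(p, deque()).append((p, r))
            self.switches[switch] = ports

    def dequeue(self):
        """Return (switch, port, request) for the next request, or None."""
        for _ in range(len(self.switches)):
            switch, q = self.switches.popitem(last=False)
            self.switches[switch] = q             # rotate switch to the back
            if isinstance(q, deque):
                if q:
                    return (switch, *q.popleft())
                continue
            for _ in range(len(q)):
                port, pq = q.popitem(last=False)
                q[port] = pq                      # rotate port to the back
                if pq:
                    item = pq.popleft()
                    if not any(q.values()):       # drained: aggregate again
                        self.switches[switch] = deque()
                    return (switch, *item)
        return None

def demo():
    """Constructed workload: one flooding port on s1, two light senders."""
    lfq = LayeredFairQueue()
    for i in range(20):
        lfq.enqueue("s1", 1, f"a{i}")             # flood from s1 port 1
    for i in range(2):
        lfq.enqueue("s1", 2, f"b{i}")
        lfq.enqueue("s2", 1, f"c{i}")
    return [lfq.dequeue()[2] for _ in range(6)]
```

With a single FIFO the four legitimate requests would wait behind all twenty flooded ones; here they are all served within the first six dequeues.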
