Mitigating SYN flooding Attack and ARP Spoofing in SDN Data Plane

As the number of network devices increases rapidly, it becomes more and more difficult to defend network attacks. Large-scaled attacks, such as SYN flooding, may lead to heavy burden to the switches as well as the controller in a software defined network (SDN). In this paper, we investigate the SYN flooding and Address Resolution Protocol (ARP) spoofing attacks in SDN, and then propose mechanisms to address these two attacks. We also present a new scheme to detect SYN flooding by using only a few forwarding rules. Moreover, we utilize the Programming Protocol-independent Packet Processors (P4) technique to mitigate the burden of the controller.

[1]  W. Buck,et al.  MININET , 1979, Prax. Inf.verarb. Kommun..

[2]  Wesley M. Eddy,et al.  TCP SYN Flooding Attacks and Common Mitigations , 2007, RFC.

[3]  L. Ginsberg,et al.  Cisco Systems , 2003 .

[4]  Patrick D. McDaniel,et al.  TARP: ticket-based address resolution protocol , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[5]  Danilo Bruschi,et al.  S-ARP: a secure address resolution protocol , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[6]  George Varghese,et al.  P4: programming protocol-independent packet processors , 2013, CCRV.