Cyberpulse: A Machine Learning Based Link Flooding Attack Mitigation System for Software Defined Networks

Software-defined networking (SDN) offers a novel paradigm for effective network management by decoupling the control plane from the data plane, thereby allowing a high level of manageability and programmability. However, the centralized controller becomes a bottleneck and opens up a host of vulnerabilities to various types of attacks. One of the most harmful, stealthy, and easy-to-launch attacks against networked systems is the link flooding attack (LFA). In this paper, we demonstrate the vulnerability of the SDN control layer to LFA and show how the attack strategy differs from that used against traditional networks, which primarily involves attacking the links directly. In LFA, the attacker employs bots to surreptitiously send low-rate legitimate traffic on the control channel, which ultimately results in disconnecting the control plane from the data plane. Mitigating LFA on the control channel with network traffic filtering alone remains a challenge in network security. To address this challenge, we propose CyberPulse, a novel and effective countermeasure underpinned by a machine learning-based classifier to alleviate LFA in SDN. CyberPulse performs network surveillance by classifying network traffic using deep learning techniques and is implemented as an extension module in the Floodlight controller. CyberPulse was evaluated for its accuracy, false positive rate, and effectiveness compared to competing approaches on realistic networks generated using Mininet. The results show that CyberPulse can classify malicious flows with high accuracy and mitigate them effectively.
