DeMONS: A DDoS Mitigation NFV Solution

Distributed Denial of Service (DDoS) attacks are becoming increasingly sophisticated and massive in traffic volume. These attacks can be mainly classified as IP Spoofing or Real Source IP. In particular, Real Source IP attacks are characterized by the use of malware-infected hosts to simulate real network traffic. These attacks are constantly evolving, and attackers are always employing new and sophisticated infection methods. To deal with such constant change, the research community is always searching for advanced approaches to mitigate, or even eliminate, those threats. One of these new approaches is the use of Network Function Virtualization (NFV). This new paradigm supports the creation of more scalable and flexible, and thus more resilient, network infrastructures. We therefore propose a DDoS mitigation system, called DeMONS, that uses the NFV concept together with both a dynamic allocation mechanism and a reputation mechanism. The results demonstrate that the employed techniques are a feasible solution to reach higher utilization rates.
