SDN/NFV-Based Moving Target DDoS Defense Mechanism

The rapid development of internet technology has made attacks more sophisticated and diversified. One of the most serious security problems is the distributed denial of service (DDoS) attack. To cope with such information security issues, a new form of defensive thinking, moving target defense (MTD), has been proposed. The emergence of new network architectures, software-defined networking (SDN) and network function virtualization (NFV), has also changed the future of network security schemes. In this paper, an SDN/NFV-based moving target DDoS defense mechanism using multiple fuzzy systems and a proxy virtual network function (VNF) is proposed to achieve DDoS detection and mitigation. The experimental results show that the proposed mechanism can redirect suspicious traffic and quarantine it, thereby shifting the attack surface.
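As an added illustration of the kind of pipeline the abstract describes (fuzzy-logic scoring of traffic features feeding a traffic-steering decision), the following Python example is constructed for this page and is not the paper's code or its parameters: the two input features (packets per second and the fraction of previously unseen source addresses), the membership functions, the rule base, the score thresholds and the `steer` output format are all assumptions. It scores a traffic window with a Mamdani-style fuzzy system and maps the score to one of three moving-target actions: normal forwarding, redirection to a proxy VNF, or quarantine.

```python
"""Illustrative fuzzy DDoS suspicion scoring with an MTD-style steering decision.
Constructed example; membership functions, rules and thresholds are assumptions,
not parameters from the paper."""
from typing import Callable, List, Tuple


def pl(points: List[Tuple[float, float]]) -> Callable[[float], float]:
    """Piecewise-linear membership function through (x, mu) points, held constant
    beyond the first and last point (this gives left/right shoulders for free)."""
    def mu(x: float) -> float:
        if x <= points[0][0]:
            return points[0][1]
        if x >= points[-1][0]:
            return points[-1][1]
        for (x0, y0), (x1, y1) in zip(points, points[1:]):
            if x0 <= x <= x1:
                return y0 + (y1 - y0) * (x - x0) / (x1 - x0)
        return 0.0
    return mu


# Input 1: packets per second towards the protected service (assumed scale).
PPS = {"low": pl([(500, 1), (2000, 0)]),
       "med": pl([(500, 0), (2000, 1), (5000, 0)]),
       "high": pl([(2000, 0), (5000, 1)])}
# Input 2: fraction of source addresses in the window never seen before (0..1).
NEW_SRC = {"low": pl([(0.2, 1), (0.4, 0)]),
           "med": pl([(0.2, 0), (0.4, 1), (0.7, 0)]),
           "high": pl([(0.4, 0), (0.7, 1)])}
# Output: suspicion level in [0, 1].
SUSPICION = {"low": pl([(0.2, 1), (0.5, 0)]),
             "med": pl([(0.2, 0), (0.5, 1), (0.8, 0)]),
             "high": pl([(0.5, 0), (0.8, 1)])}

# Rule base (assumed): (pps label, new-source label) -> suspicion label.
RULES = {("low", "low"): "low", ("low", "med"): "low", ("low", "high"): "med",
         ("med", "low"): "low", ("med", "med"): "med", ("med", "high"): "high",
         ("high", "low"): "med", ("high", "med"): "high", ("high", "high"): "high"}


def suspicion_score(pps: float, new_src_ratio: float, samples: int = 200) -> float:
    """Mamdani inference: AND = min, aggregation = max, centroid defuzzification
    over a sampled output domain. Returns a score in [0, 1]."""
    firing = {}
    for (p_lbl, n_lbl), out_lbl in RULES.items():
        strength = min(PPS[p_lbl](pps), NEW_SRC[n_lbl](new_src_ratio))
        firing[out_lbl] = max(firing.get(out_lbl, 0.0), strength)
    num = den = 0.0
    for i in range(samples + 1):
        y = i / samples
        # Clip each consequent set at its rule strength, then take the union.
        agg = max(min(firing.get(lbl, 0.0), SUSPICION[lbl](y)) for lbl in SUSPICION)
        num += y * agg
        den += agg
    return num / den if den else 0.0


# Score thresholds for the moving-target action (assumed values).
REDIRECT_AT, QUARANTINE_AT = 0.35, 0.65


def steer(src_prefix: str, pps: float, new_src_ratio: float) -> dict:
    """Map a suspicion score to an OpenFlow-like steering rule for src_prefix:
    normal forwarding, redirection to the proxy VNF (which moves the attack
    surface away from the real service), or quarantine (drop to a sink)."""
    score = suspicion_score(pps, new_src_ratio)
    if score >= QUARANTINE_AT:
        action = "quarantine"
    elif score >= REDIRECT_AT:
        action = "redirect_to_proxy"
    else:
        action = "forward"
    return {"match": {"nw_src": src_prefix}, "score": round(score, 3), "action": action}


if __name__ == "__main__":
    # Constructed traffic windows (documentation prefixes), not measurements.
    for prefix, pps, ratio in [("198.51.100.0/24", 200, 0.05),
                               ("203.0.113.0/24", 2000, 0.40),
                               ("192.0.2.0/24", 8000, 0.90)]:
        print(steer(prefix, pps, ratio))
```

The point of the three-way decision is the MTD behaviour in the abstract: only clearly malicious windows are dropped, while merely suspicious ones are steered to a proxy VNF so that a probing attacker sees a different surface than legitimate clients do, and the controller can revise the decision as the next window's features arrive.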
