Mitigating Crossfire Attacks Using SDN-Based Moving Target Defense

Recent research demonstrated that software defined networking (SDN) can be leveraged to enable moving target defense (MTD) to mitigate distributed denial of service (DDoS) attacks. The network states are continuously changed in MTD by effectively collecting information from the network and enforcing certain security measures on the fly in order to deceive the attackers. Being motivated from the success of SDN-based maneuvering, this work targets an emerging type of DDoS attacks, called Crossfire, and proposes an SDN-based MTD mechanism to defend against such attacks. We analyze Crossfire attack planning and utilize the analyzed results to develop the defense mechanism which in turn reorganize the routes in such a way that the congested links are avoided during packet forwarding. The detection and mitigation techniques are implemented using Mininet emulator and Floodlight SDN controller. The evaluation results show that the route mutation can effectively reduce the congestion in the targeted links without making any major disruption on network services.

[1]  Ehab Al-Shaer,et al.  An Effective Address Mutation Approach for Disrupting Reconnaissance Attacks , 2015, IEEE Transactions on Information Forensics and Security.

[2]  Virgil D. Gligor,et al.  The Crossfire Attack , 2013, 2013 IEEE Symposium on Security and Privacy.

[3]  Xenofontas A. Dimitropoulos,et al.  A novel framework for modeling and mitigating distributed link flooding attacks , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[4]  Craig A. Shue,et al.  The SDN Shuffle: Creating a Moving-Target Defense using Host-based Software-Defined Networking , 2015, MTD@CCS.

[5]  Ehab Al-Shaer,et al.  Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[6]  Saman Taghavi Zargar,et al.  A Survey of Defense Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks , 2013, IEEE Communications Surveys & Tutorials.

[7]  Sean Peisert,et al.  Techniques for the dynamic randomization of network attributes , 2015, 2015 International Carnahan Conference on Security Technology (ICCST).

[8]  Lei Xue,et al.  Towards Detecting Target Link Flooding Attack , 2014, LISA.

[9]  Adrian Perrig,et al.  The Coremelt Attack , 2009, ESORICS.

[10]  Virgil D. Gligor,et al.  CoDef: collaborative defense against large-scale link-flooding attacks , 2013, CoNEXT.

[11]  Iwao Sasase,et al.  Fast target link flooding attack detection scheme by analyzing traceroute packets flow , 2015, 2015 IEEE International Workshop on Information Forensics and Security (WIFS).

[12]  Harry G. Perros,et al.  SDN-based solutions for Moving Target Defense network protection , 2014, Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014.

[13]  Thomas E. Carroll,et al.  Analysis of network address shuffling as a moving target defense , 2014, 2014 IEEE International Conference on Communications (ICC).