论文信息 - SDN-based network security functions for effective DDoS attack mitigation

SDN-based network security functions for effective DDoS attack mitigation

Distributed Denial of Service (DDoS) attack has been bringing serious security concerns on banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of Internet of Things (IoT) raises new concerns on the smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on a SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection on suspicious packets, we developed a threshold-based method that provides a client with an efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on NETCONF protocol [1] and YANG Data Model [2].

[1] Jung-Soo Park,et al. SDN-based security services using interface to network security functions , 2015, 2015 International Conference on Information and Communication Technology Convergence (ICTC).

[2] Jung-Soo Park,et al. A Framework for Security Services Based on Software-Defined Networking , 2015, 2015 IEEE 29th International Conference on Advanced Information Networking and Applications Workshops.

[3] Susan Hares,et al. I2NSF Network Security Functions Facing Interface YANG Data Model , 2016 .

[4] Robert Moskowitz,et al. I2NSF Capability YANG Data Model , 2018 .

[5] Rakesh Kumar,et al. Framework for Interface to Network Security Functions , 2018, RFC.

[6] A. Neeraja,et al. Licensed under Creative Commons Attribution Cc by Improving Network Management with Software Defined Networking , 2022 .

[7] Martin Bjorklund,et al. YANG - A Data Modeling Language for the Network Configuration Protocol (NETCONF) , 2010 .