Multi-defense Mechanism against DDoS in SDN Based CDNi

Automatically and dynamically enhancing the capability of network services through SDN and CDN/CDNi networks has recently become a topic of research. On the one hand, these systems, which study the topology, traffic paths, packet handling and the like, can be very beneficial for controlling and optimizing the overall network services; on the other hand, the servers in such architectures can also be a potential target for DoS and/or DDoS attacks. We therefore propose a mechanism for SDN-based CDNi networks to securely deliver services with a multi-defense strategy against DDoS attacks. Adding ALTO-like servers to such architectures enables mapping a very large network to provide a bird's-eye view. We propose an additional marking path map in the ALTO server to trace the request packets. The next defense is a protection switch to protect the main servers. A Management Information Base (MIB) is also proposed in the SDN controller to compare and assess the request traffic coming to the protection switches.
