A reputation-based collaborative schema for the mitigation of distributed attacks in SDN domains

In this paper, we investigate collaborative schemes to mitigate Distributed Denial of Service attacks in multi-domain Software Defined Networks (SDNs). The mitigation process itself is distributed: it is initiated by the domain of the victim and involves all domains in the path of an attack (transit domains). We emphasize filtering malicious flows as close to the attack sources as possible. We propose a modular and scalable approach that leverages the SDNi (SDN interface) protocol as the enabler for information exchange between adjacent SDN domains. We extend this protocol by publishing and exchanging pointers to incident reports, formatted according to the IETF IODEF standards and exposed through domain SDN Controllers. Thus, an SDN domain hosting the victim of the attack is able to notify the recipients about the malicious flows that they forward, requesting their filtering until the attack ceases. In order to motivate close cooperation between SDN domains governed by diverse authorities, we implemented and evaluated a reputation mechanism whereby domains historically assess the behavior of their neighbors, discouraging assistance in case the domain of the victim has a poor cooperation track record.
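The following toy model is an added example, not code from the paper: it sketches the reputation-gated request flow described above, with the victim's domain asking transit domains along the attack path (source side first) to filter a flow identified by a pointer to an IODEF report, and each transit domain consulting its own cooperation history of the requester before helping. The beta-style reputation estimate, the 0.4 acceptance threshold, the domain names and the report pointer are assumptions.

```python
# Added example, not the paper's code. Reputation estimate (honoured+1)/(n+2),
# the 0.4 threshold, domain names and the report pointer are all assumptions.
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    history: dict = field(default_factory=dict)   # neighbour -> (honoured, refused)
    filters: list = field(default_factory=list)   # (flow, IODEF report pointer) installed

    def reputation(self, peer: str) -> float:
        """Share of honoured requests with a (1, 1) prior; unknown peers start at 0.5."""
        honoured, refused = self.history.get(peer, (0, 0))
        return (honoured + 1) / (honoured + refused + 2)

    def record(self, peer: str, cooperated: bool) -> None:
        honoured, refused = self.history.get(peer, (0, 0))
        self.history[peer] = (honoured + cooperated, refused + (not cooperated))

    def handle_request(self, requester: str, flow: tuple, report: str, threshold: float) -> bool:
        """Install the filter only if the requester's own cooperation record is good enough."""
        if self.reputation(requester) < threshold:
            return False
        self.filters.append((flow, report))
        return True

def mitigate(path: list, flow: tuple, report: str, threshold: float = 0.4):
    """path[0] is the victim's domain, path[-1] the domain nearest the attack source.
    Transit domains are asked source side first; returns the domain that filtered, or None."""
    victim = path[0]
    for transit in reversed(path[1:]):
        accepted = transit.handle_request(victim.name, flow, report, threshold)
        victim.record(transit.name, accepted)   # victim keeps its own track of who helped
        if accepted:
            return transit
    return None

def scenario():
    """Constructed case: AS-A refused three earlier requests from AS-C, so AS-C now
    declines to help AS-A and the filter falls back to AS-B, one hop downstream."""
    a, b, c = Domain("AS-A"), Domain("AS-B"), Domain("AS-C")
    for _ in range(3):
        c.record("AS-A", False)
    flow = ("203.0.113.7", "198.51.100.10", 80)            # (src, dst, dst_port), documentation addresses
    report = "https://controller.example/iodef/incident-1"  # placeholder pointer, not a real URL
    return mitigate([a, b, c], flow, report), a, b, c
```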