DoS Attack Detection using Packet Statistics in SDN

Denial-of-service (DoS) attacks targeting the controller in software-defined networks (SDN) are dangerous due to the importance of the controller. In this paper, we characterize the effects of flooding attacks in SDN and discuss potential countermeasures. We concentrate on the controller-side effects of flooding attacks and present our experimental results on how packet-in message counts change in a simulation scenario. Our results imply that differentiating hosts based only on packet-in counts may be misleading for detecting attackers. Instead, the ratio of packet-in count to transmitted packet count is better for distinguishing attackers from normal users. In addition, we measure fairness values with different attacker counts. Our results show that Jain's index is better than entropy at detecting anomalies in our simulation environment. We leave utilizing fairness values to better handle packet-in requests as a future study.
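The two measurements the abstract describes, as an added example that is not code from the paper: the per-host ratio of packet-in count to transmitted packet count, and Jain's index and normalized Shannon entropy over per-host packet-in counts. The host names, counters and the 0.5 ratio threshold are constructed assumptions, as is the choice to compute fairness over packet-in counts.

```python
import math

# Constructed per-host counters for one measurement window (not data from the
# paper): packets the host transmitted and packet-in messages it caused.
SAMPLE = {
    "h1": {"tx": 1000, "packet_in": 20},
    "h2": {"tx": 4000, "packet_in": 80},  # busy but legitimate: highest raw count
    "h3": {"tx": 500, "packet_in": 10},
    "h4": {"tx": 60, "packet_in": 60},    # flooder: every packet misses the flow table
}

def packet_in_ratio(stats):
    """Packet-in count divided by transmitted packet count, per host."""
    return {h: (s["packet_in"] / s["tx"] if s["tx"] else 0.0)
            for h, s in stats.items()}

def top_by_count(stats):
    """Host with the most packet-ins: the count-only view the abstract warns about."""
    return max(stats, key=lambda h: stats[h]["packet_in"])

def flag_hosts(stats, ratio_threshold=0.5):
    """Hosts whose ratio meets the threshold (threshold is an assumed value)."""
    return sorted(h for h, r in packet_in_ratio(stats).items()
                  if r >= ratio_threshold)

def jain_index(values):
    """Jain's fairness index: (sum x)^2 / (n * sum x^2), in [1/n, 1]."""
    values = list(values)
    squares = sum(v * v for v in values)
    if not values or squares == 0:
        return 1.0  # no traffic at all is trivially fair
    return sum(values) ** 2 / (len(values) * squares)

def normalized_entropy(values):
    """Shannon entropy of each host's share, divided by log2(n), in [0, 1]."""
    values = list(values)
    total = sum(values)
    if len(values) < 2 or total == 0:
        return 1.0
    shares = [v / total for v in values if v > 0]
    return -sum(p * math.log2(p) for p in shares) / math.log2(len(values))

if __name__ == "__main__":
    counts = [s["packet_in"] for s in SAMPLE.values()]
    print("highest packet-in count:", top_by_count(SAMPLE))
    print("flagged by ratio:", flag_hosts(SAMPLE))
    print("Jain's index: %.3f" % jain_index(counts))
    print("normalized entropy: %.3f" % normalized_entropy(counts))
```

On the constructed data the count-only view points at the busy legitimate host `h2`, while the ratio isolates `h4`.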
