Detection of DDoS Attacks Against Wireless SDN Controllers Based on the Fuzzy Synthetic Evaluation Decision-making Model

Software Defined Networking (SDN) is a new network architecture that separates the control plane from the data plane and provides logically centralized control over the whole network. Because the SDN controller combines the upper application layer and the underlying infrastructure layer, it may become a single point of failure. If it is made unreachable by a Distributed Denial of Service (DDoS) attack, the whole network may not work normally. This is especially true for wireless SDN controllers: because the secure channel for the control protocol between the wireless SDN controller and wireless SDN devices is exposed in the attacker's field of vision, the attack range of DDoS attackers is expanded. To mitigate this threat, this paper introduces a solution based on a fuzzy synthetic evaluation decision-making model that is effective and lightweight in terms of the resources it uses. Importantly, it takes into consideration many factors that can be used to detect DDoS attacks and makes a comprehensive judgment across those factors. To test the solution, the paper also proposes three kinds of DDoS attacks specific to SDN networks and presents two kinds of DDoS attacks inherited from traditional networks. Every attack has been tested with the detection method. Finally, we also run a comparative experiment to show its advantage over another DDoS detection algorithm based on a single factor. The results show its efficiency in detecting most of the DDoS attacks.
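Fuzzy synthetic evaluation in its textbook form, as an added example rather than the paper's own model: the four factors, their ranges, weights, membership functions and the single-factor threshold are assumptions chosen for illustration, since the abstract does not list them. It contrasts the multi-factor judgment with a single-factor check on constructed samples.

```python
# Added illustration; factors, ranges and weights are assumptions, not the paper's.
GRADES = ("normal", "suspicious", "attack")

# factor -> (baseline, saturation, weight); the weights sum to 1
FACTORS = {
    "packet_in_rate":   (100.0, 2000.0, 0.35),  # Packet-In messages/s at the controller
    "flow_table_usage": (0.30, 0.95, 0.25),     # fraction of switch flow table in use
    "single_pkt_flows": (0.20, 0.90, 0.25),     # fraction of flows carrying one packet
    "src_ip_entropy":   (0.40, 0.95, 0.15),     # normalized source-address entropy
}

def abnormality(value, low, high):
    """Scale a raw measurement to [0, 1] between its baseline and saturation."""
    return min(1.0, max(0.0, (value - low) / (high - low)))

def memberships(x):
    """Triangular membership of a score x in each grade (the three sum to 1)."""
    return (max(0.0, 1 - 2 * x), max(0.0, 1 - abs(2 * x - 1)), max(0.0, 2 * x - 1))

def evaluate(sample):
    """Return (grade, B), where B = W . R is the weighted composite vector."""
    b = [0.0] * len(GRADES)
    for name, (low, high, weight) in FACTORS.items():
        row = memberships(abnormality(sample[name], low, high))  # one row of R
        for j, r in enumerate(row):
            b[j] += weight * r
    # Maximum-membership principle: pick the grade with the largest component.
    grade = GRADES[max(range(len(GRADES)), key=b.__getitem__)]
    return grade, b

def single_factor(sample, threshold=1500.0):
    """Comparison baseline: alarm on the Packet-In rate alone."""
    return "attack" if sample["packet_in_rate"] > threshold else "normal"

# Constructed measurement windows (not data from the paper).
QUIET = {"packet_in_rate": 80.0, "flow_table_usage": 0.25,
         "single_pkt_flows": 0.15, "src_ip_entropy": 0.35}
SUBTLE = {"packet_in_rate": 900.0, "flow_table_usage": 0.93,
          "single_pkt_flows": 0.88, "src_ip_entropy": 0.92}
FLOOD = {"packet_in_rate": 3000.0, "flow_table_usage": 0.97,
         "single_pkt_flows": 0.95, "src_ip_entropy": 0.97}

if __name__ == "__main__":
    for label, s in (("quiet", QUIET), ("subtle", SUBTLE), ("flood", FLOOD)):
        grade, b = evaluate(s)
        print(label, grade, [round(v, 3) for v in b], "single:", single_factor(s))
```

The `SUBTLE` window stays under the single-factor threshold yet is graded `attack` by the composite vector, because three of the four factors sit near saturation.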
