Mitigation of DoS in SDN Using Path Randomization

Software-defined networking (SDN) is a rapidly growing architecture that gives network professionals greater flexibility. SDN decouples the control logic from the forwarding devices, and centralized controllers decide the forwarding rules in the network. Despite this flexibility, it is vulnerable to many kinds of attacks. Our focus is on mitigating the denial-of-service attack on flow tables, which can severely degrade the network switches. To address this issue, we propose a path randomization technique and a flow aggregation algorithm. The performance of the system has been evaluated in a simulation environment, which has shown a positive result.
