Detection and Prevention of DDoS attacks on Software Defined Networks Controllers for Smart Grid

With the evolution of smart grid, the operations, planning and maintenance of an electric grid have improved. On the contrary, smart grid totally relies on the computer network so there is a need of complex and efficient network management. Software defined networks (SDN) is a completely new modern architecture that allows the network to be centrally controlled or explicitly programmed using software applications. Traditionally in computer networks, the routing and switching decisions are implemented on a dedicated hardware. This hardware can be a switch or a router. But with the evolution of Software defined networks, the routing and switching function has been separated and is classified in Control and data planes respectively. Generally, in SDN, the control plane is centralized and is responsible to make a decision on what to do with the incoming packet. Once the decision is made, it is saved in the forwarding table of a switch on the data plane. While Software Defined Network (SDN) has its advantages of central management, programmability, agility and vendor neutrality, they carry a high risk of Distributed Denial of Service attack (DDoS). Centralized nature of the control plane in SDN is a huge risk factor because the attacker may bombard the control plane with malicious packets resulting in a single point of failure of the control plane. If the control plane fails, the entire smart grid network will collapse resulting in a massive outage and financial loss to the stakeholders. In this paper, we have devised a distributed approach, using blockchains, to detect and prevent DDoS attacks on the centralized control plane of SDN. We have simulated our approach using AnyLogic simulator and the results show that the proposed approach is more efficient as compared the existing techniques as it substantially reduces the risk of DDoS attacks and SDN controller overhead.

[1]  Lei Xu,et al.  FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[2]  Gregory Blanc,et al.  ArOMA: An SDN based autonomic DDoS mitigation framework , 2017, Comput. Secur..

[3]  F. Richard Yu,et al.  A Multi-Level DDoS Mitigation Framework for the Industrial Internet of Things , 2018, IEEE Communications Magazine.

[4]  F. Richard Yu,et al.  Distributed denial of service attacks in software-defined networking with cloud computing , 2015, IEEE Communications Magazine.

[5]  H. Kim,et al.  A SDN-oriented DDoS blocking scheme for botnet-based attacks , 2014, 2014 Sixth International Conference on Ubiquitous and Future Networks (ICUFN).

[6]  Chung-Horng Lung,et al.  Detection and prevention of DoS attacks in Software-Defined Cloud networks , 2017, 2017 IEEE Conference on Dependable and Secure Computing.

[7]  Frank Kargl,et al.  SDN-Assisted Network-Based Mitigation of Slow DDoS Attacks , 2018, SecureComm.

[8]  Kiwon Hong,et al.  SDN-Assisted Slow HTTP DDoS Attack Defense Method , 2018, IEEE Communications Letters.

[9]  Izzat Alsmadi,et al.  Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach , 2017, J. Netw. Comput. Appl..

[10]  Chuang Lin,et al.  On Denial of Service Attacks in Software Defined Networks , 2016, IEEE Network.

[11]  Athanasios V. Vasilakos,et al.  Security in Software-Defined Networking: Threats and Countermeasures , 2016, Mobile Networks and Applications.

[12]  Yao Zheng,et al.  DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking , 2014, 2014 IEEE 22nd International Conference on Network Protocols.

[13]  Lei Wei,et al.  FlowRanger: A request prioritizing algorithm for controller DoS attacks in Software Defined Networks , 2015, 2015 IEEE International Conference on Communications (ICC).

[14]  Chuan Heng Foh,et al.  Opportunities for Software-Defined Networking in Smart Grid , 2013, 2013 9th International Conference on Information, Communications & Signal Processing.

[15]  G. A. Dhomane,et al.  Smart Grid , 2021, Virtual Power Plant System Integration Technology.

[16]  C. Zou,et al.  Denial-of-Service Attack , 2007 .

[17]  Min Chen,et al.  Software-Defined Mobile Networks Security , 2016, Mobile Networks and Applications.

[18]  Hamid Sharif,et al.  A Survey on Cyber Security for Smart Grid Communications , 2012, IEEE Communications Surveys & Tutorials.