TY - JOUR
T1 - Detection and mitigation of DoS attacks in software defined networks
AU - Gao, Shang
AU - Peng, Zhe
AU - Xiao, Bin
AU - Hu, Aiqun
AU - Song, Yubo
AU - Ren, Kui
N1 - Funding Information:
Manuscript received April 11, 2017; revised January 9, 2018, August 28, 2018, and December 10, 2019; accepted March 22, 2020; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor Y. Guan. Date of publication April 15, 2020; date of current version June 18, 2020. This work was supported in part by the HK RGC GRF under Grant PolyU 152124/19E. (Corresponding author: Bin Xiao.) Shang Gao and Bin Xiao are with the Department of Computing, The Hong Kong Polytechnic University, Hong Kong (e-mail: cssgao@comp.polyu.edu.hk; [email protected]).
PY - 2020/6
Y1 - 2020/6
N2 - The introduction of software-defined networking (SDN) has emerged as a new network paradigm for network innovations. By decoupling the control plane from the data plane in traditional networks, SDN provides high programmability to control and manage networks. However, the communication between the two planes can be a bottleneck of the whole network. SDN-aimed DoS attacks can cause long packet delays and a high packet loss rate by using massive numbers of table-miss packets to jam links between the two planes. To detect and mitigate SDN-aimed DoS attacks, this paper presents FloodDefender, an efficient and protocol-independent defense framework for SDN/OpenFlow networks. FloodDefender stands between the controller platform and other controller apps, and conforms to the OpenFlow policy without additional devices. The detection module in FloodDefender utilizes new frequency features to precisely identify SDN-aimed DoS attacks. The mitigation module uses three new techniques to efficiently mitigate attack traffic: table-miss engineering to prevent the communication bandwidth from being exhausted; packet filtering to filter out attack traffic and save computational resources of the control plane; and flow rule management to eliminate most of the useless flow entries in the switch flow table. Our evaluation on a prototype implementation of FloodDefender shows that the defense framework can precisely identify and efficiently mitigate SDN-aimed DoS attacks with very little overhead.
AB - The introduction of software-defined networking (SDN) has emerged as a new network paradigm for network innovations. By decoupling the control plane from the data plane in traditional networks, SDN provides high programmability to control and manage networks. However, the communication between the two planes can be a bottleneck of the whole network. SDN-aimed DoS attacks can cause long packet delays and a high packet loss rate by using massive numbers of table-miss packets to jam links between the two planes. To detect and mitigate SDN-aimed DoS attacks, this paper presents FloodDefender, an efficient and protocol-independent defense framework for SDN/OpenFlow networks. FloodDefender stands between the controller platform and other controller apps, and conforms to the OpenFlow policy without additional devices. The detection module in FloodDefender utilizes new frequency features to precisely identify SDN-aimed DoS attacks. The mitigation module uses three new techniques to efficiently mitigate attack traffic: table-miss engineering to prevent the communication bandwidth from being exhausted; packet filtering to filter out attack traffic and save computational resources of the control plane; and flow rule management to eliminate most of the useless flow entries in the switch flow table. Our evaluation on a prototype implementation of FloodDefender shows that the defense framework can precisely identify and efficiently mitigate SDN-aimed DoS attacks with very little overhead.
KW - attack detection
KW - flow rule management
KW - packet filter
KW - SDN
KW - SDN-aimed DoS attacks
KW - table-miss engineering
UR - http://www.scopus.com/inward/record.url?scp=85086894930&partnerID=8YFLogxK
U2 - 10.1109/TNET.2020.2983976
DO - 10.1109/TNET.2020.2983976
M3 - Journal article
AN - SCOPUS:85086894930
SN - 1063-6692
VL - 28
SP - 1419
EP - 1433
JO - IEEE/ACM Transactions on Networking
JF - IEEE/ACM Transactions on Networking
IS - 3
M1 - 9068479
ER -