A holistic approach to mitigating DoS attacks in SDN networks

Dridi, Lobna; Zhani, Mohamed Faten

doi:10.1002/nem.1996

Cited by 18 publications

(3 citation statements)

References 18 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Dridi et al [80] proposed an approach named SDN-Guard to protect the SDN network against DoS attacks. It attempts to reduce the effects of DoS attacks on SDN controller, controller-switch bandwidth, and switch memory usage.…”

Section: Integrated Mechanisms For Ddos Mitigationmentioning

confidence: 99%

Software-defined Networking-based DDoS Defense Mechanisms

2019

View full text Add to dashboard Cite

Distributed Denial of Service attack (DDoS) is recognized to be one of the most catastrophic attacks against various digital communication entities. Software-defined networking (SDN) is an emerging technology for computer networks that uses open protocols for controlling switches and routers placed at the network edges by using specialized open programmable interfaces. In this article, a detailed study on DDoS threats prevalent in SDN is presented. First, SDN features are examined from the perspective of security, and then a discussion on SDN security features is done. Further, two viewpoints on protecting networks against DDoS attacks are presented. In the first view, SDN utilizes its abilities to secure conventional networks. In the second view, SDN may become a victim of the threat itself because of the centralized control mechanism. The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies. By emphasizing the available state-of-the-art techniques, an extensive review of the advancement of SDN security is provided to the research and IT communities.

show abstract

Section: Integrated Mechanisms For Ddos Mitigationmentioning

confidence: 99%

Software-defined Networking-based DDoS Defense Mechanisms

2019

View full text Add to dashboard Cite

show abstract

“…Recently, research is focused more on mitigating DoS attacks directed against both infrastructure of SDN itself and devices behind it [13][14][15][16][17][18]. However, below we review the papers that are most related to our contribution, i.e., [19][20][21][22].…”

Section: Related Workmentioning

confidence: 99%

Network Threats Mitigation Using Software-Defined Networking for the 5G Internet of Radio Light System

Cabaj

Gregorczyk

Mazurczyk

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Currently 5G communication networks are envisioned to offer in a near future a wide range of high-quality services and unfaltering user experiences. In order to achieve this, several issues including security, privacy, and trust aspects need to be solved so that the 5G networks can be widely welcomed and accepted. Considering above, in this paper, we take a step towards these requirements by proposing a dedicated SDN-based integrated security framework for the Internet of Radio Light (IoRL) system that is following 5G architecture design. In particular, we present how TCP SYN-based scanning activities and DHCP-related network threats like Denial of Service (DoS), traffic eavesdropping, etc. can be detected and mitigated using such an approach. Enclosed experimental results prove that the proposed security framework is effective and efficient and thus can be considered as a promising defensive solution.

show abstract

“…Nowadays, DDoS attacks 4‐6 are one of the most critical cyber security challenges 7 . The goal of DDoS attack is to overload network links by aggressively flooding them with a few malformed packets or with many seemingly legitimate packets until service is no longer accessible for legitimate users 8 …”

Section: Introductionmentioning

confidence: 99%

Detecting and analyzing border gateway protocol blackholing activity

Farasat

Khan

2020

Int J Network Mgmt

View full text Add to dashboard Cite

Summary DDoS attack is a traditional malicious attempt to make an authorized system or service inaccessible. Currently, BGP blackholing is an operational countermeasure that builds upon the capabilities of BGP to protect from DDoS attacks. BGP enables blackholing by leveraging the BGP community attribute. This paper presents the analysis of BGP blackholing activity and propose a machine learning‐based mechanism to detect BGP blackholing activity. In BGP blackholing analysis, we find that many networks, including Internet service providers (ISPs) and Internet exchange points (IXPs), offer BGP blackholing service to their customers. We collect networks' blackhole communities and make BGP blackhole communities dictionary. Within 3‐month period (from August to October, 2018), we find a significant number of BGP blackhole announcements (97,532) and distinct blackhole prefixes (8,120). Most of the blackhole prefixes are IPv4 (99.1%). Among IPv4 blackhole prefixes, mostly are /32 (79.9%). The daily patterns of BGP blackholing highlight that there is a variable number of blackhole announcements and distinct blackhole prefixes every day. Furthermore, we apply machine learning techniques to design a BGP blackholing detection mechanism based on support vector machine (SVM), decision tree, and long short‐term memory (LSTM) classifiers. The results are compared based on accuracy and F‐score. Experimental results show that LSTM achieves the best classification accuracy of 95.9% and F‐score of 97.2%. This work provides insights for network operators and researchers interested in BGP blackholing service and DDoS mitigation in the Internet.

show abstract

A holistic approach to mitigating DoS attacks in SDN networks

Cited by 18 publications

References 18 publications

Software-defined Networking-based DDoS Defense Mechanisms

Software-defined Networking-based DDoS Defense Mechanisms

Network Threats Mitigation Using Software-Defined Networking for the 5G Internet of Radio Light System

Detecting and analyzing border gateway protocol blackholing activity

Contact Info

Product

Resources

About