Aim-SDN

Dixit, Vaibhav Hemant; Doupé, Adam; Shoshitaishvili, Yan; Zhao, Ziming; Ahn, Gail-Joon

doi:10.1145/3243734.3243799

Cited by 17 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Alternatively to the reactive techniques presented above, preventive methods focus on preventing the effects of attacks from causing degradation or unavailability in the network or services. Next, we discuss the studies that implement different preventive techniques in the control plane 114 …”

Section: Solutions Focused On the Control Planementioning

confidence: 99%

See 1 more Smart Citation

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Design flaws and vulnerabilities inherent to network protocols, devices, and services make Distributed Denial of Service (DDoS) a persisting threat in the cyberspace, despite decades of research efforts in the area. The historical vertical integration of traditional IP networks limited the solution space, forcing researchers to tweak network protocols while maintaining global compatibility and proper service to legitimate flows. The advent of Software‐Defined Networking (SDN) and advances in Programmable Data Planes (PDP) changed the state of affairs and brought novel possibilities to deal with such attacks. In summary, the ability of bringing together network intelligence to a control plane, and offloading flow processing tasks to the forwarding plane, opened up interesting opportunities for network security researchers unlike ever. In this article, we dive into recent research that relies on SDN and PDP to detect, mitigate, and prevent DDoS attacks. Our literature review takes into account the SDN layered view as defined in RFC7426 and focuses on the data, control, and application planes. We follow a systematic methodology to capture related articles and organize them into a taxonomy of DDoS defense mechanisms focusing on three facets: activity level, deployment location, and cooperation degree. From the analysis of existing work, we also highlight key research gaps that may foster future research in the field.

show abstract

Section: Solutions Focused On the Control Planementioning

confidence: 99%

“…Most of these studies are fully deployed on the SDN controller to protect both the controller and the network switches 128 . The controller can then monitor the entire network and apply different prevention, detection, or mitigation techniques 58,67,69,85,89,98,114,145‐147,152‐155 …”

Section: Solutions Focused On the Control Planementioning

confidence: 99%

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…For example, controllers such as OpenDayLight and ONOS use network management data storage architecture (NMDA) as the basic storage component. [23] found that a semantic gap problem in NMDA may lead to a risk of attackers tampering with the data in the controller. Spoofing and tampering are often intertwined and interdependent because deceiving network elements and controllers are the main motivations for tampering.…”

Section: Tamperingmentioning

confidence: 99%

“…A DoS attack against an SDN controller is a serious security threat, which may cause the controller to be unavailable and jeopardize network stability. PACKET_IN message flooding attack is a basic DoS attack method [23,24].…”

Section: Packet_in Message Flooding Attackmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Treat Model for Software-Defined Networking

2021

KSII TIIS

View full text Add to dashboard Cite

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

show abstract