An SDN approach to detect targeted attacks in P2P fully connected overlays

Medina-López, Cristóbal; Casado, Leocadio G.; González-Ruiz, Vicente; Qiao, Yuansong

doi:10.1007/s10207-020-00499-3

Cited by 4 publications

(4 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hyder and Ismail [22] used port and IP shuffling to improve the security of SDN. Medina-López et al [23] used MTD approaches, by which when the messages are exchanged between hosts, their IP address is changed. So, the intermediary hosts are unaware of the real address.…”

Section: Related Workmentioning

confidence: 99%

SCEMA: An SDN-Oriented Cost-Effective Edge-Based MTD Approach

Javadpour

Ja’fari

Taleb

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Protecting large-scale networks, especially Software-Defined Networks (SDNs), against distributed attacks in a costeffective manner plays a prominent role in cybersecurity. One of the pervasive approaches to plug security holes and prevent vulnerabilities from being exploited is Moving Target Defense (MTD), which can be efficiently implemented in SDN as it needs comprehensive and proactive network monitoring. The critical key in MTD is to shuffle the least number of hosts with an acceptable security impact and keep the shuffling frequency low. In this paper, we have proposed an SDN-oriented Cost-effective Edge-based MTD Approach (SCEMA) to mitigate Distributed Denial of Service (DDoS) attacks at a lower cost by shuffling an optimized set of hosts that have the highest number of connections to the critical servers. These connections are named edges from a graph-theoretical point of view. We have proposed a three-layer mathematical model for the network that can easily calculate the attack cost. We have also designed a system based on SCEMA and simulated it in Mininet. The results show that SCEMA has lower complexity than the previous related MTD field with acceptable performance.

show abstract

Section: Related Workmentioning

confidence: 99%

SCEMA: An SDN-Oriented Cost-Effective Edge-Based MTD Approach

Javadpour

Ja’fari

Taleb

et al. 2023

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…Medina et al proposed an SDN approach to detect targeted attacks in P2P fully connected overlays [5]. Luo proposes a secure routing protocol, Symmetric-Chord [6], which obtains multiple query results by querying both forward and reverse directions on the chord ring.…”

Section: Related Workmentioning

confidence: 99%

A High-Feasibility Secure Routing against Malicious Peer in Structured P2P

Wang

Xuan

2022

Mathematical Problems in Engineering

View full text Add to dashboard Cite

As applications based on the structured peer-to-peer network have increased, the importance of security is increasing. Routing is the core of the structured peer-to-peer network, naturally which becomes the primary target of malicious nodes. The current attacks on the routing by malicious nodes are mainly sybil attacks, eclipse attacks, and routing table poisoning. In previous studies of defending above attacks, either adding redundancy to achieve security or sacrificing network scalability for security. So we establish a mathematical model of the routing process, and through the model, we analyze sybil attacks, eclipse attacks, and routing table poisoning. The same essence is found that these attacks all undermine the original convergence of the query path, and with the convergence detection, we propose the security mechanism HFS-Routing, and we design experiments and analyze the results. The results show that HFS-Routing has a lower overhead, better scalability, and higher detection rates for the malicious nodes, which is a highly feasibility mechanism.

show abstract

“…Evaluation Metrics Cost DDoS [5] Attack success rate ✗ ✓ [6] Delay ✗ ✓ [7] Cost, packet loss ✓ ✓ TGCESA [8] Delay, packet loss, CPU load ✓ ✓ [9] Delay, attack probability ✗ ✗ [10] Response time, service rate ✗ ✓ [11] Threat score, service risk value ✓ ✗ [12] Delay, information disclosure ✗ ✗ [13] Packet loss, attack success rate ✓ ✓ [14] Defender's success rate ✓ ✗ [15] Detection probability ✓ ✗ [16] Latency, reconnaissance cost ✓ ✓ [17] Attack graph generation time ✓ ✗ BAP [18] Delay, complexity, success rate ✓ ✗ SCEMA Complexity, adversary's success rate, compromised servers rate…”

Section: Referencementioning

confidence: 99%

“…Port shuffling and IP shuffling are employed to prevent reconnaissance attacks in data plane. Medina-López et al [15] used MTD to find malicious nodes in the peer to peer overlay SDN. When messages are exchanged between peers, their destination IP address is changed.…”

Section: Related Workmentioning

confidence: 99%

A Cost-Effective MTD Approach for DDoS Attacks in Software-Defined Networks

Javadpour

Ja’fari

Taleb

et al. 2022

GLOBECOM 2022 - 2022 IEEE Global Communications Conference

View full text Add to dashboard Cite

Protecting large-scale networks, especially Software-Defined Networks (SDNs), against distributed attacks in a costeffective manner plays a prominent role in cybersecurity. One of the pervasive approaches to plug security holes and prevent vulnerabilities from being exploited is Moving Target Defense (MTD), which can be efficiently implemented in SDN as it needs comprehensive and proactive network monitoring. The critical key in MTD is to shuffle the least number of hosts with an acceptable security impact and keep the shuffling frequency low. In this paper, we have proposed an SDN-oriented Cost-effective Edge-based MTD Approach (SCEMA) to mitigate Distributed Denial of Service (DDoS) attacks with a lower cost by shuffling an optimized set of hosts have the highest number of connections to the critical servers. These connections are named edges from a graph-theoretical point of view. We have designed a system based on SCEMA and simulated it in Mininet. The results show that SCEMA has lower (52.58 52.58 52.58%) complexity than the previous related MTD methods with improving the security level by 14.32 14.32 14.32%.

show abstract

An SDN approach to detect targeted attacks in P2P fully connected overlays

Cited by 4 publications

References 19 publications

SCEMA: An SDN-Oriented Cost-Effective Edge-Based MTD Approach

SCEMA: An SDN-Oriented Cost-Effective Edge-Based MTD Approach

A High-Feasibility Secure Routing against Malicious Peer in Structured P2P

A Cost-Effective MTD Approach for DDoS Attacks in Software-Defined Networks

Contact Info

Product

Resources

About