Interactive analysis of SDN-driven defence against distributed denial of service attacks

Koning, Ralph; Graaff, B. de; Laat, Cees de; Meijer, Robert; Grosso, Paola

doi:10.1109/netsoft.2016.7502489

Cited by 8 publications

(15 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, we found that the approach proposed by Koning et al 76 can be considered interdependent, since it offers a platform for orchestrating external cloud resources (OpenStack), SDNs (OpenFlow), and network circuits. Daemons are used to monitor and control external nodes and maintain secure connections between nodes and the network controller over TLS secured connections.…”

Section: Cooperation Degreementioning

confidence: 99%

“…Finally, we found that the approach proposed by Koning et al 76 . can be considered interdependent, since it offers a platform for orchestrating external cloud resources (OpenStack), SDNs (OpenFlow), and network circuits.…”

Section: Solutions Focused On the Application Planementioning

confidence: 99%

“…The framework uses OpenFlow to configure and monitor countermeasures to these attacks. Koning et al 76 . propose an SDN‐driven defense mechanism to DDoS attacks called SARNET, demonstrating that real‐time monitoring is possible even in a virtualized network.…”

Section: Solutions Focused On the Application Planementioning

confidence: 99%

“…et al 76 propose an SDN-driven defense mechanism to DDoS attacks called SARNET, demonstrating that realtime monitoring is possible even in a virtualized network. Statistics are collected from the data plane and fed into the mechanism.…”

Section: Activity Levelmentioning

confidence: 99%

See 3 more Smart Citations

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

Summary Design flaws and vulnerabilities inherent to network protocols, devices, and services make Distributed Denial of Service (DDoS) a persisting threat in the cyberspace, despite decades of research efforts in the area. The historical vertical integration of traditional IP networks limited the solution space, forcing researchers to tweak network protocols while maintaining global compatibility and proper service to legitimate flows. The advent of Software‐Defined Networking (SDN) and advances in Programmable Data Planes (PDP) changed the state of affairs and brought novel possibilities to deal with such attacks. In summary, the ability of bringing together network intelligence to a control plane, and offloading flow processing tasks to the forwarding plane, opened up interesting opportunities for network security researchers unlike ever. In this article, we dive into recent research that relies on SDN and PDP to detect, mitigate, and prevent DDoS attacks. Our literature review takes into account the SDN layered view as defined in RFC7426 and focuses on the data, control, and application planes. We follow a systematic methodology to capture related articles and organize them into a taxonomy of DDoS defense mechanisms focusing on three facets: activity level, deployment location, and cooperation degree. From the analysis of existing work, we also highlight key research gaps that may foster future research in the field.

show abstract

Section: Cooperation Degreementioning

confidence: 99%

Section: Solutions Focused On the Application Planementioning

confidence: 99%

Section: Solutions Focused On the Application Planementioning

confidence: 99%

Section: Activity Levelmentioning

confidence: 99%

See 2 more Smart Citations

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

Dalmazo¹,

Marques

Costa

et al. 2021

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…Though the classifier in [87] is trained only for the DNS amplification attack, both DNS and NTP amplification attacks are blocked with great accuracy. Koning et al [103] concludes that in the SDN architecture it is possible to achieve high effectiveness of response by carefully choosing a relatively minor number of actions.…”

Section: ) Network Attacks Detectionmentioning

confidence: 99%

A Survey of Networking Applications Applying the Software Defined Networking Concept Based on Machine Learning

et al. 2019

View full text Add to dashboard Cite

The main task of future networks is to build, as much as possible, intelligent networking architectures for intellectualization, activation, and customization. Software-defined networking (SDN) technology breaks the tight coupling between the control plane and the data plane in the traditional network architecture, making the controllability, security, and economy of network resources into a reality. As one of the important actualization methods of artificial intelligence (AI), machine learning (ML), combined with SDN architecture will have great potential in areas, such as network resource management, route planning, traffic scheduling, fault diagnosis, and network security. This paper presents the network applications combined with SDN concepts based on ML from two perspectives, namely the perspective of ML algorithms and SDN network applications. From the perspective of ML algorithms, this paper focuses on the applications of classical ML algorithms in SDN-based networks, after a characteristic analysis of algorithms. From the other perspective, after classifying the existing network applications based on the SDN architecture, the related ML solutions are introduced. Finally, the future development of the ML algorithms and SDN concepts is discussed and analyzed. This paper occupies the intersection of the AI, big data, computer networking, and other disciplines; the AI itself is a new and complex interdisciplinary field, which causes the researchers in this field to often have different professional backgrounds and, sometimes, divergent research purposes. This paper is necessary and helpful for researchers from different fields to accurately master the key issues.INDEX TERMS Artificial intelligence, machine learning, network management, software-defined networking.

show abstract

Removing Undesirable Flows by Edge Deletion

Polevoy

Trajanovski

Grosso

et al. 2018

Combinatorial Optimization and Applications

Self Cite

View full text Add to dashboard Cite

Consider mitigating the effects of denial of service or of malicious traffic in networks by deleting edges. Edge deletion reduces the DoS or the number of the malicious flows, but it also inadvertently removes some of the desired flows. To model this important problem, we formulate two problems: (1) remove all the undesirable flows while minimizing the damage to the desirable ones and (2) balance removing the undesirable flows and not removing too many of the desirable flows. We prove these problems are equivalent to important theoretical problems, thereby being important not only practically but also theoretically, and very hard to approximate in a general network. We employ reductions to nonetheless approximate the problem and also provide a greedy approximation. When the network is a tree, the problems are still MAX SNP-hard, but we provide a greedy-based 2l-approximation algorithm, where l is the longest desirable flow. We also provide an algorithm, approximating the first and the second problem within 2 2 |E| and 2 2(|E| + |undesirable flows|), respectively, where E is the set of the edges of the network. We also provide a fixed-parameter tractable (FPT) algorithm. Finally, if the tree has a root such that every flow in the tree flows on the path from the root to a leaf, we solve the problem exactly using dynamic programming.

show abstract

Interactive analysis of SDN-driven defence against distributed denial of service attacks

Abstract: You will be contacted as soon as possible.

Cited by 8 publications

References 9 publications

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

A systematic review on distributed denial of service attack defense mechanisms in programmable networks

A Survey of Networking Applications Applying the Software Defined Networking Concept Based on Machine Learning

Removing Undesirable Flows by Edge Deletion

Contact Info

Product

Resources

About