LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking

Ambrosin, Moreno; Conti, Mauro; Gaspari, Fabio De; Poovendran, Radha

doi:10.1109/tnet.2016.2626287

Cited by 98 publications

(57 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, the potential advantages in exploiting collaborative intelligence of SDN have not been well investigated as effective DDoS attack defense requires extremely accurate detection and rapid reaction in both. Otherwise, it may result in SDN controller saturation attack in the worst case, as discussed in [16,17].…”

Section: Introductionmentioning

confidence: 99%

OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

Han

Yang

Sun

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the biggest concerns for security professionals. Traditional middle-box based DDoS attack defense is lack of network-wide monitoring flexibility. With the development of software-defined networking (SDN), it becomes prevalent to exploit centralized controllers to defend against DDoS attacks. However, current solutions suffer with serious southbound communication overhead and detection delay. In this paper, we propose a cross-plane DDoS attack defense framework in SDN, called OverWatch, which exploits collaborative intelligence between data plane and control plane with high defense efficiency. Attack detection and reaction are two key procedures of the proposed framework. We develop a collaborative DDoS attack detection mechanism, which consists of a coarse-grained flow monitoring algorithm on the data plane and a finegrained machine learning based attack classification algorithm on the control plane. We propose a novel defense strategy offloading mechanism to dynamically deploy defense applications across the controller and switches, by which rapid attack reaction and accurate botnet location can be achieved. We conduct extensive experiments on a real-world SDN network. Experimental results validate the efficiency of our proposed OverWatch framework with high detection accuracy and real-time DDoS attack reaction, as well as reduced communication overhead on SDN southbound interface.

show abstract

Section: Introductionmentioning

confidence: 99%

OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

Han

Yang

Sun

et al. 2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…The major issues of contention are: (1) TCP connection‐migration proxy technique may break the end‐to‐end semantics of TCP/IP client and server paradigm and (2) large volume of completed TCP handshakes from legit users may incapacitate the stateful connection‐migration mechanism, filling up the translation table and also limiting simultaneous connections for migration. We believe that some of the works that proposed solutions based on the proxy/firewall techniques, did not consider the finer aspects of the system and hence that opened up vulnerabilities and protocol violations. In our DTARS antispoofing system, we attempted to solve the above issues to a large extent by applying a probabilistic model to select connections for proxying and consequent connection‐migration for TCP/IP services in an SDN‐enabled network.…”

Section: Discussionmentioning

confidence: 99%

“…The goal is to avoid the control channel choking (“switch‐to‐controller”), communication overhead, and a delayed response for newflow connections. There are some exemplary works that proposed adding intelligence to SDN switches . The primary goal for this design is to keep the packet inspection and defensive actions within the data plane.…”

Section: Related Workmentioning

confidence: 99%

“…Thus, the controller needs to poll flow statistics or packets from data plane switches frequently for attack detection and botnet locations, which increases southbound overhead and detection delay significantly. On the other hand, the potential advantages in exploiting collaborative intelligence of SDN have not been well investigated, as effective DDoS attack defense requires extremely accurate detection and rapid reaction in both, to avoid controller saturation attack as the worst case . The two critical problems of the existing SDN‐based defense methods are as follows: (1) As both detection and mitigation of attacks require forwarding all the packets including malicious traffic from switch to controller, the control channel becomes saturated and also overload the controller process; and (2) if the controller processes each packet, then it defeats the original SDN paradigm where a controller enforces flow level logic and data plane deal with packets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

SDN/NFV security framework for fog‐to‐things computing infrastructure

2019

View full text Add to dashboard Cite

Summary Currently, core networking architectures are facing disruptive developments, due to emergence of paradigms such as Software‐Defined‐Networking (SDN) for control, Network Function Virtualization (NFV) for services, and so on. These are the key enabling technologies for future applications in 5G and locality‐based Internet of things (IoT)/wireless sensor network services. The proliferation of IoT devices at the Edge networks is driving the growth of all‐connected world of Internet traffic. In the Cloud‐to‐Things continuum, processing of information and data at the Edge mandates development of security best practices to arise within a fog computing environment. Service providers are transforming their business using NFV‐based services and SDN‐enabled networks. The SDN paradigm offers an easily programmable model, global view, and control for modern networks, which demand faster response to security incidents and dynamically enforce countermeasures to intrusions and cyberattacks. This article proposes an autonomic multilayer security framework called Distributed Threat Analytics and Response System (DTARS) for a converged architecture of Fog/Edge computing and SDN infrastructures, for emerging applications in IoT and 5G networks. The major detection scheme is deployed within the data plane, consisting of a coarse‐grained behavioral, anti‐spoofing, flow monitoring and fine‐grained traffic multi‐feature entropy‐based algorithms. We developed exemplary defense applications under DTARS framework, on a malware testbed imitating the real‐life DDoS/botnets such as Mirai. The experiments and analysis show that DTARS is capable of detecting attacks in real‐time with accuracy more than 95% under attack intensities up to 50 000 packets/s. The benign traffic forwarding rate remains unaffected with DTARS, while it drops down to 65% with traditional NIDS for advanced DDoS attacks. Further, DTARS achieves this performance without incurring additional latency due to data plane overhead.

show abstract

“…Similarly, [168] also consider DoS attacks against the SDN control channel. The authors introduce LineSwitch, which is a mitigation approach based probabilistic proxying and blacklisting.…”

Section: Related Workmentioning

confidence: 99%

Security in software defined networks

Alharbi¹

View full text Add to dashboard Cite

Software Defined Networking (SDN) is an emerging computer network paradigm and represents one of the most promising technologies to simplify network management and configuration through increased network programmability and abstraction. In contrast to traditional networks, in SDN, the control plane, which makes decisions on how to forward traffic, is separated from the data plane, which transmits traffic to selected destinations. That makes network control (via the SDN controller) more programmable, dynamic and centralised. With the higher level of abstraction that SDN provides, network administrators can more easily configure network services and manage traffic flows without having to configure a large number of individual network devices (switches and routers). The great potential of SDN has led to significant deployments in data centres, wide area networks, etc., and it is growing at a rapid pace.Security is a critical aspect of networking in general and is particularly vital in SDN. Due to its fundamentally new architecture, SDN presents new potential security vulnerabilities and risks. Security in SDN has not received much attention yet, given that it is very distinct and unique.The goal of this PhD was to address this gap and analyse the security of the SDN infrastructure, identify vulnerabilities and weaknesses, and propose corresponding solutions and improvements. The focus was on the fundamental aspects and components of SDN, in particular the building blocks of the control plane components include Topology Discovery, Address Resolution Protocol (ARP) Handling and Virtualisation Layer. Finally, the thesis thoroughly explored and investigated the most common and effective attacks against the SDN architecture.

show abstract

LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking

Cited by 98 publications

References 14 publications

OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

OverWatch: A Cross-Plane DDoS Attack Defense Framework with Collaborative Intelligence in SDN

SDN/NFV security framework for fog‐to‐things computing infrastructure

Security in software defined networks

Contact Info

Product

Resources

About