SD-WAN Flood Tracer: Tracking the entry points of DDoS attack flows in WAN

Dayal, Neelam; Srivastava, Shashank

doi:10.1016/j.comnet.2021.107813

Cited by 7 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sahay et al [31] addressed the problem of traceability tracing in a multicontroller scenario by dealing with traffic identification in ISP networks. Dayal and Srivastava [16] solved the problem of cross-domain and intradomain traceability for SD-WAN scenarios.…”

Section: Related Workmentioning

confidence: 99%

“…e unique information architecture provides scholars with a new idea of IP traceback. SDNbased logging traceback schemes [15][16][17] utilize the control plane to centralize DDoS attacks and identify the attackers. However, there is a key challenge in this scenario, where the existing traceability tasks are overly focused on the control plane.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Low-Overhead and High-Precision Attack Traceback Scheme with Combination Bloom Filters

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

Distributed denial of service attacks seriously threatens the availability of highly resilient software-defined networking systems, such as data center networks. A traceback scheme is an effective means of mitigating attacks by identifying the location of the attacker and the attacking path. However, traditional traceback schemes suffer from low traceability success rates, high packet header overheads, and high communication traffic overheads, in addition to the fact that logically centralized traceability schemes make the control plane a prime target for attacks. To overcome the above challenges, we propose the low-overhead and high-precision traceback scheme, which is divided into two stages: packet marking and path reconstruction. The first stage of the traceback scheme utilizes programmable switches in the data plane to selectively mark the actual physical path information that the packet was forwarded on. The marking method is adaptive to the path length, which utilizes a combined Bloom filter so that the packet length does not grow with the length of the attacking path. The proposed probabilistic packet marking algorithm effectively reduces the number of packets collected to reconstruct the attacking path. The second stage of the traceback scheme utilizes the distributed victim host to reconstruct the attacking path without the controller and locate the source of the attacker. Theoretical analysis and experimental results show that the proposed scheme ensures the high accuracy of tracing and minimizes the traffic overhead and storage overhead required for the traceback process.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Low-Overhead and High-Precision Attack Traceback Scheme with Combination Bloom Filters

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Dayal et al [6] propose a trigger-based traceback mechanism called SD-WAN Flood Tracer to facilitate tracing attack sources in Software-Defined Wide Area Network (SD-WAN). The proposed solution can be used to monitor internal traces in the vicinity of a single controller and external traces in the vicinity of another controller.…”

Section: Network Securitymentioning

confidence: 99%

Challenges and Solutions for hybrid SDN

et al. 2021

View full text Add to dashboard Cite

show abstract

“…Traceback is a mitigation technique for determining the packet source or flow by tracing the path taken by it. One such work by Dayal and Srivastava 10 proposed the mitigation of DDoS attack using a traceback mechanism in SDN wide area networks using floodlight controller. Their work comprises two traceback mechanisms: internal and external, to trace the attack sources and prevent the attack, thereby protecting the genuine network.…”

Section: Introductionmentioning

confidence: 99%

ONOS Flood Defender: An Intelligent Approach to Mitigate DDoS Attack in SDN

Aslam

Srivastava

Gore

2022

Trans Emerging Tel Tech

Self Cite

View full text Add to dashboard Cite

Software-Defined Networking (SDN) has made its place in the networks as new technology. SDN's programmable behavior enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. However, SDN suffers from the threat of DDoS attack. We have developed an approach to mitigate these threats by creating an ONOS Flood Defender Application (OFD App). This app effectively detects DDoS attack using supervised and ensemble machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. Our results show that ensemble machine learning techniques perform better than single machine learning algorithm to detect DDoS attack. Random Forest classifier (RFC), an ensemble technique, performs best with the highest accuracy of 99.3% in detecting DDoS attack, followed by XGBoost classifier with an accuracy of 99%. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system. Our app efficiently mitigates the attacks, thereby preventing a tremendous amount of damage to legitimate users.

show abstract

SD-WAN Flood Tracer: Tracking the entry points of DDoS attack flows in WAN

Cited by 7 publications

References 7 publications

A Low-Overhead and High-Precision Attack Traceback Scheme with Combination Bloom Filters

A Low-Overhead and High-Precision Attack Traceback Scheme with Combination Bloom Filters

Challenges and Solutions for hybrid SDN

ONOS Flood Defender: An Intelligent Approach to Mitigate DDoS Attack in SDN

Contact Info

Product

Resources

About