Towards Crossfire Distributed Denial of Service Attack Protection Using Intent-Based Moving Target Defense Over Software-Defined Networking

Hyder, Muhammad Faraz; Fatima, Tasbiha

doi:10.1109/access.2021.3103845

Cited by 17 publications

(12 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The paper [73] proposed MTD architectures by utilizing SDN and intent-based networking, a methodology providing dynamic network management to prevent crossfire attacks. Every packet from SDN switches is forwarded to an SDN controller which decides whether it is malicious and can act in one of two ways to route the traffic into a shadow network, effectively preventing the attacker from successfully executing the attack.…”

Section: Route Mutationmentioning

confidence: 99%

“…This approach can be found in [79,82,91,116] or [106]. Lastly, architectures utilizing per packet address or route mutation apply this MTD strategy to every single packet reaching the switch [73,93,99].…”

Section: When To Movementioning

confidence: 99%

“…Among the most popular controllers used throughout the surveyed literature were POX [125], used by [94,101,109,112] and Ryu [59] used in [72,74,79,84]. Other choices of controllers include ONOS [55], which appeared in [73,86,120]. NOX [126] was used in [17,99], Opendaylight [56] in [96], and Floodlight [127] in [104].…”

Section: Testbedsmentioning

confidence: 99%

“…Attack success probability [17,72,73,77,83,85,92,93,100,102,103,109,111,116,117,120]: This metric describes a chance for the attack to be successfully performed. We've decided to make this an umbrella term for both the attacker and defender perspective, as they can be viewed as the two sides of the same coin.…”

Section: Metricsmentioning

confidence: 99%

“…Performance overhead [17,73,74,77,83,90,91,93,95,[98][99][100][101][102][103][104]109,110,115,118]: This metric describes additional overhead introduced into the system after applying the proposed MTD technique.…”

Section: Metricsmentioning

confidence: 99%

See 4 more Smart Citations

A Survey on Moving Target Defense for Networks: A Practical View

2022

View full text Add to dashboard Cite

The static nature of many of currently used network systems has multiple practical benefits, including cost optimization and ease of deployment, but it makes them vulnerable to attackers who can observe from the shadows to gain insight before launching a devastating attack against the infrastructure. Moving target defense (MTD) is one of the emerging areas that promises to protect against this kind of attack by continuously shifting system parameters and changing the attack surface of protected systems. The emergence of network functions virtualization (NFV) and software-defined networking (SDN) technology allows for the implementation of very sophisticated MTD techniques. Furthermore, the introduction of such solutions as field-programmable gate array (FPGA) programmable acceleration cards makes it possible to take the MTD concept to the next level. Applying hardware acceleration to existing concepts or developing new, dedicated methods will offer more robust, efficient, and secure solutions. However, to the best of the authors’ knowledge, there are still no major implementations of MTD schemes inside large-scale networks. This survey aims to understand why, by analyzing research made in the field of MTD to show current pitfalls and possible improvements that need to be addressed in future proposals to make MTD a viable solution to address current cybersecurity threats in real-life scenarios.

show abstract

Section: Route Mutationmentioning

confidence: 99%