Volume 39 Issue 2
Feb.  2017
WU Zehui, WEI Qiang, REN Kailei, WANG Qingxian. Dynamic Defense for DDoS Attack Using OpenFlow-based Switch Shuffling Approach[J]. Journal of Electronics & Information Technology, 2017, 39(2): 397-404. doi: 10.11999/JEIT160449

Dynamic Defense for DDoS Attack Using OpenFlow-based Switch Shuffling Approach

doi: 10.11999/JEIT160449
Funds:

The National 863 Program of China (2012AA012902), The National Science Fund for Distinguished Young Scholars (61402526)

  • Received Date: 2016-05-03
  • Rev Recd Date: 2016-09-27
  • Publish Date: 2017-02-19
  • Limited network resources and decentralized network management are the two major difficulties traditional networks face in addressing Distributed Denial of Service (DDoS) attacks. Moreover, current defense methods are static and lagging, and they cannot locate attackers accurately. Therefore, a dynamic defense is proposed that uses two pivotal features of Software Defined Networks (SDN): centralized control and dynamic management. An OpenFlow-based switch shuffling model is built that employs a greedy algorithm to remap user-switch links dynamically. After several rounds of shuffling, attackers can be differentiated from legitimate users, and the latter are provided with low-latency, uninterrupted service. The proposed approach is implemented in Ryu, the open source SDN controller, and the prototype is tested in a real SDN. The performance test results show that the approach can isolate attackers within a limited number of shuffles and reduce the effect of DDoS attacks on legitimate flows. The defense ability test results demonstrate that the efficiency of the proposed dynamic approach is independent of the size of the attack flow and depends only on the number of attackers, in a ring topology composed of a single controller.
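The shuffling idea in the abstract, as a small simulation added here (it is not the authors' Ryu implementation). It assumes suspects are split evenly across switches in random order, a stand-in for the paper's greedy remapping, and that the controller observes only whether a switch is under attack; `shuffle_round` and `isolate` are hypothetical names.

```python
import random


def shuffle_round(suspects, attackers, n_switches, rng):
    """Remap suspects onto switches once; return (cleared, still_suspect).

    Assumption: the controller cannot see who attacks, only which
    switches are flooded, so every user on a flooded switch stays suspect.
    """
    order = list(suspects)
    rng.shuffle(order)
    # Even split: switch i serves every n_switches-th user of the shuffled order.
    groups = [order[i::n_switches] for i in range(n_switches)]
    cleared, still = [], []
    for group in groups:
        flooded = any(user in attackers for user in group)
        (still if flooded else cleared).extend(group)
    return cleared, still


def isolate(users, attackers, n_switches, seed=0, max_rounds=100):
    """Shuffle until each suspect has its own switch.

    Returns (rounds, isolated_attackers); isolated_attackers is None if the
    round limit is hit, e.g. when attackers can flood every switch each round.
    """
    rng = random.Random(seed)  # constructed, reproducible sample run
    suspects, rounds = list(users), 0
    while rounds < max_rounds:
        one_per_switch = len(suspects) <= n_switches
        _, suspects = shuffle_round(suspects, attackers, n_switches, rng)
        rounds += 1
        # With one suspect per switch, the flooded switches name the attackers.
        if one_per_switch or not suspects:
            return rounds, set(suspects)
    return rounds, None


if __name__ == "__main__":
    # Constructed scenario: 100 users, 3 hidden attackers, 10 switches.
    rounds, found = isolate(range(100), {3, 41, 77}, n_switches=10)
    print(f"isolated {sorted(found)} after {rounds} shuffles")
```

In this model the flood volume never enters the calculation: only the number of attackers and switches determines how fast the suspect set shrinks.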