Journal of Tsinghua University(Science and Technology)    2019, Vol. 59 Issue (1) : 36-43     DOI: 10.16511/j.cnki.qhdxxb.2018.25.062
INFORMATION SECURITY
Software defined network moving target defense mechanism against link flooding attacks
XIE Lixia, DING Ying
School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China
Abstract: This paper presents a software defined network (SDN) based defense mechanism to detect and mitigate Crossfire, a new distributed denial of service (DDoS) attack. Based on the characteristics of Crossfire, an SDN model for centralized traffic-level monitoring and shunt control was defined for the defense mechanism. An SDN re-routing strategy relieves the congestion load on the attacked link, using flexible traffic scheduling to alleviate the congestion and avoid interruption of critical links, which could seriously interfere with network service. The SDN moving target defense mechanism dynamically adjusts the network configuration and network behavior to induce the attacker to adjust the attack traffic, thereby improving the attack detection efficiency of the bait server. Tests show that this mechanism can effectively defend against Crossfire attacks and that the SDN defense mechanism and re-routing strategy do not require significant overhead.
Keywords: Crossfire; distributed denial of service (DDoS) attack; software defined network (SDN); re-routing
Issue Date: 16 January 2019
Cite this article:
XIE Lixia, DING Ying. Software defined network moving target defense mechanism against link flooding attacks[J]. Journal of Tsinghua University(Science and Technology), 2019, 59(1): 36-43.
URL: http://jst.tsinghuajournals.com/EN/10.16511/j.cnki.qhdxxb.2018.25.062 or http://jst.tsinghuajournals.com/EN/Y2019/V59/I1/36