INFORMATION SECURITY |
|
|
|
|
|
Software defined network moving target defense mechanism against link flooding attacks |
XIE Lixia, DING Ying |
School of Computer Science and Technology, Civil Aviation University of China, Tianjin 300300, China |
|
|
Abstract This paper presents a software defined network (SDN) based defense mechanism to detect and mitigate a new distributed denial of service (DDoS) attack named Crossfire. An SDN traffic-level centralized monitoring and shunt control model was defined based on the Crossfire characteristics for the defense mechanism. The SDN re-routing strategy was used to resolve the congestion load of the attacked link with flexible traffic scheduling used to alleviate the congestion and avoid critical link interruption that could seriously interfere with network service. The SDN mobile target defense mechanism was used to dynamically adjust the network configuration and network behavior to induce the attacker to adjust the attack traffic; thereby improving the attack detection efficiency of the bait server. Tests show that this mechanism can effectively defend against Crossfire attacks and that the SDN defense mechanism and rerouting strategy does not require significant overhead.
|
Keywords
Crossfire
distributed denial of service (DDoS) attack
software defined network (SDN)
re-routing
|
Issue Date: 16 January 2019
|
|
|
[1] SAMI I U, AHMAD M B, ASIF M, et al. DoS/DDoS detection for e-healthcare in Internet of things[J]. International Journal of Advanced Computer Science & Applications, 2018, 9(1):297-300. [2] BHARDWAJ A, SUBRAHMANYAM G V B, AVASTHI V, et al. DDoS attacks, new DDoS taxonomy and mitigation solutions-A survey[C]//The Proceedings of the International Conference on Signal Processing, Communication, Power and Embedded System. Paralakhemundi, India:IEEE, 2017:793-798. [3] KANG M S, LEE S B, GLIGOR V D. The crossfire attack[C]//Proceedings of IEEE Symposium on Security and Privacy. Berkeley, USA:IEEE, 2013:127-141. [4] MAHALE V V, PAREEK N P, UTTARWAR V U. Alleviation of DDoS attack using advance technique[C]//Proceedings of 2017 International Conference on Innovative Mechanisms for Industry Applications. Bangalore, India:IEEE, 2017:172-176. [5] LEE Y J, BAIK N K, KIM C, et al. Study of detection method for spoofed IP against DDoS attacks[J]. Personal and Ubiquitous Computing, 2018, 22(1):35-44. [6] HOQUE N, BHATTACHARYYA D K, KALITA J K. An alert analysis approach to DDoS attack detection[C]//Proceedings of 2016 International Conference on Accessibility to Digital World. Guwahati, India:IEEE, 2017:33-38. [7] KHADKE A, MADANKAR M, MOTGHARE M. Review on mitigation of distributed denial of service (DDoS) attacks in cloud computing[C]//Proceedings of the 10th International Conference on Intelligent Systems and Control. Coimbatore, India:IEEE, 2016:1-5. [8] AYDEGER A, SAPUTRO N, AKKAYA K, et al. Mitigating crossfire attacks using SDN-based moving target defense[C]//The Proceedings of the 41st IEEE Conference on Local Computer Networks. Dubai, United Arab Emirates:IEEE, 2016:627-630. [9] GKOUNIS D, KOTRONIS V, DIMITROPOULOS X. Towards defeating the crossfire attack using SDN, 1412.2013v1[R]. Vassilika Vouton, Greece:The Foundation for Research and Technology-Hellas, 2014. [10] 张朝昆, 崔勇, 唐翯祎, 等. 软件定义网络(SDN)研究进展[J]. 软件学报, 2015, 26(1):62-81. ZHANG C K, CUI Y, TANG H Y, et al. State-of-the art survey on software-defined networking (SDN)[J]. Journal of Software, 2015, 26(1):62-81. (in Chinese) [11] MCKEOWN N, ANDERSON T, BALAKRISHNAN H, et al. OpenFlow:Enabling innovation in campus networks[J]. ACM SIGCOMM Computer Communication Review, 2008, 38(2):69-74. [12] KALKAN K, GUR G, ALAGOZ F. Defense mechanisms against DDoS attacks in SDN environment[J]. IEEE Communications Magazine, 2017, 55(9):175-179. [13] KANAGEVLU R, AUNG K M M. SDN controlled local re-routing to reduce congestion in cloud data center[C]//Proceedings of 2015 International Conference on Cloud Computing Research and Innovation. Singapore:IEEE, 2016:80-88. [14] LAI J, FU Q, MOORS T. Rapid IP rerouting with SDN and NFV[C]//Proceedings of Global Communications Conference. San Diego, USA:IEEE, 2016:1-7. [15] BASTA A, BLENK A, DUDYCZ S, et al. Efficient Loop-free rerouting of multiple SDN flows[J]. IEEE/ACM Transactions on Networking, 2018, 26(2):948-961. [16] MAIER D. The complexity of some problems on subsequences and supersequences[M]. New York, USA:ACM, 1978. |
|
Viewed |
|
|
|
Full text
|
|
|
|
|
Abstract
|
|
|
|
|
Cited |
|
|
|
|
|
Shared |
|
|
|
|
|
Discussed |
|
|
|
|