{"title":"A Dynamic Hybrid Timeout Method to Secure Flow Tables Against DDoS Attacks in SDN","authors":"Balram Sooden, Mohammad Reza Abbasi","doi":"10.1109/ICSCCC.2018.8703307","DOIUrl":null,"url":null,"abstract":"Distributed Denial of Service attacks are one of the major threats to network-based services today. Software Defined Networks (SDN) has the potential to evolve into a much more secure network paradigm than a traditional network as the whole network is controlled by a central controller having a complete view of the network. Being a considerably new concept, there are certain research problems related to SDN which are still needed to be addressed. Our work focuses on the collection of flow statistics to record the complete current and historical dynamics of the network by the controller to enable it to detect and prevent anomalous behavior in the network. Another research problem addressed in this paper is based on the Ternary Content Addressable Memory (TCAM) limitation of SDN based switches, which can be exploited with malicious hosts generating discrete network flows. To address this problem we propose the Dynamic Hybrid Timeout Method. It uses a blend of idle and hard timeout methods in addition to the Peer Support Strategy to enhance the durability of TCAM memory during flow table overloading DDoS attacks. The simulation results show that the Dynamic Hybrid Timeout Method enhances the performance of the Peer Support Strategy and adds durability in flow table memory utilization.","PeriodicalId":148491,"journal":{"name":"2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSCCC.2018.8703307","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4