Christos Gkountis, Miran Taha, Jaime Lloret, G. Kambourakis
Title: Lightweight algorithm for protecting SDN controller against DDoS attacks
Venue: 2017 10th IFIP Wireless and Mobile Networking Conference (WMNC)
Published: 2017-09-01
DOI: https://doi.org/10.1109/WMNC.2017.8248858
Citations: 42
Abstract
It is without a doubt that both the controller and switch of an SDN are vulnerable to Distributed Denial of Service (DDoS) attacks. Typically, this ilk of attacks targets the flow table of the deployed network switches with the aim of producing overloading, causing high network delays, and consuming bandwidth. Motivated by this fact, in this paper, we propose a lightweight scheme which is based on a set of rules to efficiently characterize packets sent to a network switch as malicious or not. Through testbed experimentation and comparison with legacy DDoS protection schemes, we demonstrate that our solution performs significantly better when it comes to an SDN ecosystem of mobile users.