Cost-Efficient Method for Detecting and Mitigating DDOS Attacks in SDN Based Networks

Alaa Allakany
Journal: Kafrelsheikh Journal of Information Sciences, volume 12 1
Publication date: 2023-11-01
Publication type: Journal Article
DOI: https://doi.org/10.21608/kjis.2023.251235.1018
Citations: 0

Abstract

Software-defined networks (SDN) provide a centralized administration programming interface for managing the network infrastructure. This new approach replaced traditional networks by establishing a flexible connection between the control and data planes, managing network operations through a centralized controller. As a result, prioritizing the security of the SDN controller becomes imperative in SDN networks. In the recent wave of distributed denial-of-service (DDoS) attacks, attackers have shifted their strategy from directly targeting the SDN controller to concentrating on specific links or areas, causing disruptions in connectivity. This attack, known as the link-flooding attack (LFA), represents a novel form of DDoS attack. LFA targets the SDN control channel, which transmits control traffic from the SDN controller to switches, taking advantage of links shared by the control and data traffic paths. This sharing exposes a vulnerability that attackers can exploit to disrupt the control channel, using malicious data traffic to execute LFA. Because the control channel is what gives the controller centralized control over each network switch, it becomes relatively easy for an attacker to compromise all network functions.

To handle this problem, in this paper we develop a novel SDN-based approach designed for security solutions against DDoS and LFA. Our proposed scheme uses hop-by-hop network measurement to identify and capture abnormal link performance, enabling effective detection of such attacks. Subsequently, a machine learning (ML) model is employed to determine whether the congested links indicate the presence of such attacks. Unlike conventional approaches in the literature that rely solely on automatic ML models, our method begins by measuring congestion in each link. If abnormalities are detected, the ML model is then executed to identify whether it is an attack or not. By adopting this approach, we achieve optimized utilization of controller resources. Our proposed scheme will be implemented as an application at the application layer of the Ryu controller. Through our evaluation, we have demonstrated that this approach can efficiently optimize the process of measuring link performance, optimize the utilization of SDN controller resources, and detect DDoS and LFA.
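The measure-first, classify-second flow described in the abstract can be sketched as follows. This is an added example, not code from the paper: the thresholds, the feature set, the sample counters and the logistic scoring function that stands in for the trained ML model are all assumptions made for illustration.

```python
import math
from dataclasses import dataclass

UTIL_THRESHOLD = 0.8   # assumed: fraction of capacity that counts as congestion

@dataclass
class LinkSample:
    link: str              # hop identified by its switch pair, e.g. "s1-s2"
    capacity_bps: float
    bytes_prev: int        # port tx byte counter at the previous poll
    bytes_now: int         # port tx byte counter at this poll
    flows: int             # flow entries currently forwarding over the link
    new_flow_ratio: float  # share of those flows first seen in this interval

def utilization(s, interval_s):
    """Stage 1: cheap per-hop measurement from counter deltas."""
    if s.bytes_now < s.bytes_prev:   # counter reset (e.g. switch reconnect)
        return None
    return (s.bytes_now - s.bytes_prev) * 8 / interval_s / s.capacity_bps

def attack_score(s, util):
    """Stage 2 stand-in for the trained ML model, using constructed weights."""
    mean_flow_bps = util * s.capacity_bps / max(s.flows, 1)
    z = (1.5 * math.log10(max(s.flows, 1)) + 4.0 * s.new_flow_ratio
         - math.log10(max(mean_flow_bps, 1.0)))
    return 1 / (1 + math.exp(-z))

def detect(samples, interval_s=5.0):
    """Return per-link verdicts and how often the stage-2 model ran."""
    verdicts, model_calls = {}, 0
    for s in samples:
        util = utilization(s, interval_s)
        if util is None:
            verdicts[s.link] = "no-data"
        elif util < UTIL_THRESHOLD:
            verdicts[s.link] = "normal"
        else:
            model_calls += 1
            attack = attack_score(s, util) >= 0.5  # assumed decision threshold
            verdicts[s.link] = "suspected-attack" if attack else "congested-benign"
    return verdicts, model_calls

# Constructed samples for 1 Gbit/s links polled every 5 s.
SAMPLES = [
    LinkSample("s1-s2", 1e9, 0, 125_000_000, 40, 0.1),     # 20% utilised
    LinkSample("s2-s3", 1e9, 0, 593_750_000, 4, 0.0),      # 95%, few bulk flows
    LinkSample("s3-s4", 1e9, 0, 562_500_000, 3000, 0.9),   # 90%, many small flows
    LinkSample("s4-s5", 1e9, 900, 100, 10, 0.0),           # counter went backwards
]
```

Calling `detect(SAMPLES)` runs the stage-2 scorer on only the two congested links out of four, which is the controller-resource saving the abstract claims for gating the model behind link measurement.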