Reducing the effects of DoS attacks in software defined networks using parallel flow installation

Autor: Abdelouahid Derhab, Muhammad Imran, Farrukh Aslam Khan, Muhammad Hanif Durad
Rok vydání: 2019
Předmět:
Zdroj: Human-Centric Computing and Information Sciences, Vol 9, Iss 1, Pp 1-19 (2019)
ISSN: 2192-1962
DOI: 10.1186/s13673-019-0176-7
Popis: Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth.
Databáze: OpenAIRE