Reducing the effects of DoS attacks in software defined networks using parallel flow installation
Autor: | Abdelouahid Derhab, Muhammad Imran, Farrukh Aslam Khan, Muhammad Hanif Durad |
---|---|
Rok vydání: | 2019 |
Předmět: |
Spoofing attack
General Computer Science Computer science CPU time Denial-of-service attack 02 engineering and technology lcsh:QA75.5-76.95 Software defined networking Control channel Fine-grained control lcsh:Information theory 0202 electrical engineering electronic engineering information engineering Parallel flow installation business.industry Network packet 020206 networking & telecommunications lcsh:Q350-390 Flooding (computer networking) Denial of service attacks Scalability DoS mitigation 020201 artificial intelligence & image processing lcsh:Electronic computers. Computer science business Software-defined networking Computer network |
Zdroj: | Human-Centric Computing and Information Sciences, Vol 9, Iss 1, Pp 1-19 (2019) |
ISSN: | 2192-1962 |
DOI: | 10.1186/s13673-019-0176-7 |
Popis: | Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth. |
Databáze: | OpenAIRE |
Externí odkaz: |