ZTE Communications ›› 2017, Vol. 15 ›› Issue (3): 13-19. DOI: 10.3969/j.issn.1673-5188.2017.03.003
• Special Topic •
XU Xiaoqiong, YU Hongfang, YANG Kun
Received: 2017-06-03
Online: 2017-08-25
Published: 2019-12-24
About author:
XU Xiaoqiong (xiaoqiongxu@std.uestc.edu.cn) is currently a Ph.D. student at the University of Electronic Science and Technology of China, China. Her research interests include software defined networking and cloud computing.

YU Hongfang (yuhf@uestc.edu.cn) received her B.Sc. degree in electrical engineering in 1996 from Xidian University, China, and her M.Sc. and Ph.D. degrees in communication and information engineering in 1999 and 2006, respectively, from the University of Electronic Science and Technology of China. From 2009 to 2010, she was a visiting scholar at the Department of Computer Science and Engineering, University at Buffalo (SUNY), USA. Her research interests include network survivability, next generation Internet, and cloud computing.

YANG Kun (kunyang@uestc.edu.cn) received his Ph.D. from the Department of Electronic & Electrical Engineering of University College London (UCL), UK, and his M.Sc. and B.Sc. from the Computer Science Department of Jilin University, China. He is currently a Chair Professor in the School of Computer Science & Electronic Engineering, University of Essex, leading the Network Convergence Laboratory (NCL), UK. He is also an affiliated professor at the University of Electronic Science and Technology of China, China. Before joining the University of Essex in 2003, he worked at UCL on several European Union (EU) research projects for several years. His main research interests include wireless networks and communications, future Internet technology and network virtualization, and mobile cloud computing. He manages research projects funded by various sources such as UK EPSRC, EU FP7/H2020 and industries. He has published 100+ journal papers. He serves on the editorial boards of both IEEE and non-IEEE journals. He is a senior member of IEEE (since 2008) and a Fellow of IET (since 2009).
XU Xiaoqiong, YU Hongfang, YANG Kun. DDoS Attack in Software Defined Networks: A Survey[J]. ZTE Communications, 2017, 15(3): 13-19.
SDN-supported | Solution | SDN capabilities exploited | Description |
---|---|---|---|
DDoS Detection | Sequential & concurrent method | Global monitoring | Scaling the range of detected IP addresses |
DDoS Detection | FlowTrApp | Traffic analysis | Using some bounds on two per flow based traffic parameters |
DDoS Detection | CloudWatcher | Programmability | Protect network by writing a simple policy script |
DDoS Defense | SDN/NFV security policy | Centralized-control or programmability | Combining SDN and NFV |
DDoS Defense | Collaborative framework | Centralized-control or programmability | A self-management scheme |
Table 1 SDN-supported DDoS attack
Defense techniques | DDoS threats | ||
---|---|---|---|
Switch overload | Channel congestion | Controller resource saturation | |
IP filtering | √ | ||
Scotch | √ | ||
Lightweight | √ | ||
FlowSec | √ | ||
FloodDefender | √ | √ | √ |
MLFQ | √ | ||
FRESCO | √ | √ | √ |
FloodGuard | √ | ||
FlowRanger | √ | ||
Avant-Guard | √ | ||
SDNShield | √ | ||
SDN-Guard | √ | √ | √ |
Table 2 An overview of DDoS countermeasures in SDN system
[1] S. Stuart, “Akamai releases prolexic Q2 2014 global DDoS attack report,” Database & Network Journal, vol. 44, no. 4, Aug. 2014.
[2] C. Jin, H. Wang, K. G. Shin, “Hop-count filtering: an effective defense against spoofed DDoS traffic,” in Proc. ACM Conference on Computer and Communications Security (CCS 03), Washington, USA, Oct. 2003.
[3] Z. S. Taghavi, J. Joshi, D. Tipper, “A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks,” IEEE Communications Surveys & Tutorials, vol. 15, no. 4, pp. 2046-2069, 2013. doi: 10.1109/SURV.2013.031413.00127.
[4] Q. Liao, D. A. Cieslak, A. D. Striegel, N. V. Chawla, “Using selective, short-term memory to improve resilience against DDoS exhaustion attacks,” Security and Communication Networks, vol. 1, no. 4, pp. 287-299, 2008. doi: 10.1002/sec.22.
[5] H. Jiang, S. Chen, H. Hu, M. Zhang, “Superpoint-based detection against distributed denial of service (DDoS) flooding attacks,” in IEEE International Workshop on Local and Metropolitan Area Networks, Beijing, China, 2015, pp. 1-6. doi: 10.1109/LANMAN.2015.7114724.
[6] Z. Tan, A. Jamdagni, X. He, et al., “Detection of denial-of-service attacks based on computer vision techniques,” IEEE Transactions on Computers, vol. 64, no. 9, pp. 2519-2533, 2015. doi: 10.1109/TC.2014.2375218.
[7] Z. Tan, A. Jamdagni, X. He, P. Nanda, R. P. Liu, “A system for denial-of-service attack detection based on multivariate correlation analysis,” IEEE Transactions on Parallel & Distributed Systems, vol. 25, no. 2, pp. 447-456, 2014. doi: 10.1109/TPDS.2013.146.
[8] P. Xiao, W. Qu, H. Qi, Z. Li, “Detecting DDoS attacks against data center with correlation analysis,” Computer Communications, vol. 67, no. C, pp. 66-74, 2015. doi: 10.1016/j.comcom.2015.06.012.
[9] N. McKeown, T. Anderson, H. Balakrishnan, et al., “OpenFlow: enabling innovation in campus networks,” ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, 2008. doi: 10.1145/1355734.1355746.
[10] M. Antikainen, T. Aura, M. Särelä, “Spook in your network: attacking an SDN with a compromised OpenFlow switch,” in Proc. 19th Nordic Conference on Secure IT Systems (NordSec14), Tromsø, Norway, Oct. 2014. doi: 10.1007/978-3-319-11599-3_14.
[11] D. Kreutz, F. M. Ramos, P. Verissimo, “Towards secure and dependable software-defined networks,” in Proc. Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, ser. HotSDN ’13. New York, USA, 2013, pp. 55-60. doi: 10.1145/2491185.2491199.
[12] X. Yang and Y. Liu, “DDoS attack detection under SDN context,” in Proc. IEEE International Conference on Computer Communications IEEE (INFOCOM16), San Francisco, USA, 2016. doi: 10.1109/INFOCOM.2016.7524500.
[13] B. Chaitanya and N. Medhi, “FlowTrApp: an SDN based architecture for DDoS attack detection and mitigation in data centers,” in Proc. 3rd International Conference on Signal Processing and Integrated Networks, Noida, India, 2016. doi: 10.1109/SPIN.2016.7566750.
[14] S. Shin and G. Gu, “CloudWatcher: network security monitoring using OpenFlow in dynamic cloud networks,” in IEEE International Conference on Network Protocols, Austin, USA, 2012, pp. 1-6. doi: 10.1109/ICNP.2012.6459946.
[15] S. K. Fayaz, Y. Tobioka, V. Sekar, M. Bailey, “Bohatei: flexible and elastic DDoS defense,” in 24th Usenix Conference on Security Symposium, Washington, D. C., USA, 2015, pp. 817-832.
[16] C. Lorenz, D. Hock, J. Scherer, et al., “An SDN/NFV-enabled enterprise network architecture offering fine-grained security policy enforcement,” IEEE Communications Magazine, vol. 55, no. 3, pp. 217-223, 2017. doi: 10.1109/MCOM.2017.1600414CM.
[17] R. Sahay, et al., “Towards autonomic DDoS mitigation using software defined networking,” NDSS Workshop on Security of Emerging Networking Technologies, 2015. doi: 10.14722/sent.2015.23004.
[18] M. Jarschel, T. Zinner, T. Hossfeld, P. Tran-Gia, W. Kellerer, “Interfaces, attributes, and use cases: a compass for SDN,” IEEE Communications Magazine, vol. 52, no. 6, pp. 210-217, 2014. doi: 10.1109/MCOM.2014.6829966.
[19] Q. Duan, N. Ansari, M. Toy, “Software-defined network virtualization: an architectural framework for integrating SDN and NFV for service provisioning in future networks,” IEEE Network, vol. 30, no. 5, pp. 10-16, 2016. doi: 10.1109/MNET.2016.7579021.
[20] S. Shin and G. Gu, “Attacking software-defined networks: a first feasibility study,” in ACM SIGCOMM Workshop Hot Topics Software Defined Network (HotSDN13), Hong Kong, China, 2013, pp. 165-166.
[21] A. Wang, Y. Guo, F. Hao, T. V. Lakshman, S. Chen, “Scotch: elastically scaling up SDN control-plane using vSwitch based overlay,” in ACM International Conference on Emerging Networking Experiments and Technologies, Sydney, Australia, 2014, pp. 403-414. doi: 10.1145/2674005.2675002.
[22] N. Katta, O. Alipourfard, J. Rexford, D. Walker, “CacheFlow: dependency-aware rule-caching for software-defined networks,” in ACM Symposium on SDN Research, Santa Clara, USA, 2016, article no. 6. doi: 10.1145/2890955.2890969.
[23] Q. Yan, F. R. Yu, Q. Gong, J. Li, “Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges,” IEEE Communications Surveys & Tutorials, vol. 18, no. 1, pp. 602-622, 2016. doi: 10.1109/COMST.2015.2487361.
[24] S. M. Mousavi and M. St-Hilaire, “Early detection of DDoS attacks against SDN controllers,” in Proc. IEEE International Conference on Computing, Networking and Communications, Anaheim, USA, 2015, pp. 77-81. doi: 10.1109/ICCNC.2015.7069319.
[25] P. Dong, X. Du, H. Zhang, T. Xu, “A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows,” IEEE International Conference on Communications, Kuala Lumpur, Malaysia, 2016, pp. 1-6. doi: 10.1109/ICC.2016.7510992.
[26] R. Braga, E. Mota, A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in 35th Annual IEEE Conference on Local Computer Networks, Denver, USA, 2011, pp. 408-415. doi: 10.1109/LCN.2010.5735752.
[27] K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” Computer Networks, vol. 62, no. 5, pp. 122-136, 2014. doi: 10.1016/j.bjp.2013.10.014.
[28] R. T. Kokila, S. T. Selvi, K. Govindarajan, “DDoS detection and analysis in SDN-based environment using support vector machine classifier,” in Proc. IEEE Sixth International Conference on Advanced Computing, Chennai, India, 2015. doi: 10.1109/ICoAC.2014.7229711.
[29] L. Barki, A. Shidling, N. Meti, “Detection of distributed denial of service attacks in software defined networks,” in Proc. IEEE International Conference on Advances in Computing, Communications and Informatics (ICACCI), Jaipur, India, 2016, pp. 2576-2581. doi: 10.1109/ICACCI.2016.7732445.
[30] R. Wang, Z. Jia, L. Ju, “An entropy-based distributed DDoS detection mechanism in software-defined networking,” IEEE Trustcom/BigDataSE/ISPA, Helsinki, Finland, 2015, pp. 310-317. doi: 10.1109/Trustcom.2015.389.
[31] B. Wang, Y. Zheng, W. Lou, Y. T. Hou, “DDoS attack protection in the era of cloud computing and software-defined networking,” Computer Networks, vol. 81, pp. 308-319, 2015. doi: 10.1109/ICNP.2014.99.
[32] M. Dhawan, R. Poddar, K. Mahajan, V. Mann, “SPHINX: detecting security attacks in software-defined networks,” in Network and Distributed System Security Symposium, San Diego, USA, 2015. doi: 10.14722/ndss.2015.23064.
[33] S. Ostermann, B. Tjaden, M. Ramadas, “Detecting anomalous network traffic with self-organizing maps,” in Proc. 6th International Workshop on Recent Advances in Intrusion Detection, Pittsburgh, USA, 2003, pp. 36-54. doi: 10.1007/978-3-540-45248-5_3.
[34] T. Ha, S. Yoon, A. C. Risdianto, J. Kim, H. Lim, “Suspicious flow forwarding for multiple intrusion detection systems on software defined networks,” IEEE Network, vol. 30, no. 6, pp. 22-27, 2016. doi: 10.1109/MNET.2016.1600106NM.
[35] N. N. Dao, J. Park, M. Park, S. Cho, “A feasible method to combat against DDoS attack in SDN network,” in International Conference on Information Networking, Cambodia, Cambodia, 2015, pp. 309-311. doi: 10.1109/ICOIN.2015.7057902.
[36] O. I. Abdullaziz, Y.-J. Chen and L.-C. Wang, “Lightweight authentication mechanism for software defined network using information hiding,” in IEEE Global Communications Conference (GLOBECOM), Washington, D.C., USA, 2016. doi: 10.1109/GLOCOM.2016.7841954.
[37] M. Kuerban, Y. Tian, Q. Yang, et al., “FlowSec: DOS attack mitigation strategy on SDN controller,” in IEEE International Conference on Networking, Architecture and Storage, Long Beach, USA, 2016, pp. 1-2. doi: 10.1109/NAS.2016.7549402.
[38] P. Zhang, H. Wang, C. Hu, C. Lin, “On denial of service attacks in software defined networks,” IEEE Network Magazine, vol. 30, no. 6, pp. 28-33, 2016. doi: 10.1109/MNET.2016.1600109NM.
[39] L. Wei and C. Fung, “FlowRanger: a request prioritizing algorithm for controller DoS attacks in software defined networks,” in IEEE International Conference on Communications, London, UK, 2015, pp. 5254-5259. doi: 10.1109/ICC.2015.7249158.
[40] H. Wang, L. Xu, G. Gu, “FloodGuard: a DoS attack prevention extension in software-defined networks,” in 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, Rio de Janeiro, Brazil, 2015, pp. 239-250. doi: 10.1109/DSN.2015.27.
[41] K. Chen, A. R. Junuthula, I. K. Siddhrau, Y. Xu, H. J. Chao, “SDNShield: towards more comprehensive defense against DDoS attacks on SDN control plane,” in Proc. IEEE Conference on Communications and Network Security (CNS), Philadelphia, USA, 2016. doi: 10.1109/TPDS.2013.146.
[42] S. Shin, V. Yegneswaran, P. Porras, G. Gu, “AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks,” in ACM Sigsac Conference on Computer & Communications Security, Berlin, Germany, 2013, pp. 413-424. doi: 10.1145/2508859.2516684.
[43] L. Dridi and M. F. Zhani, “SDN-guard: DoS attacks mitigation in SDN networks,” in IEEE International Conference on Cloud Networking IEEE, Pisa, Italy, 2016. doi: 10.1109/CloudNet.2016.9.
[44] S. Gao, Z. Peng, B. Xiao, A. Hu, K. Ren, “FloodDefender: protecting data and control plane resources under SDN-aimed DoS attacks,” in Proc. IEEE International Conference on Computer Communications (INFOCOM), Atlanta, USA, 2017, pp. 1-9.
[45] S. Shin, P. Porras, V. Yegneswaran, et al., “FRESCO: modular composable security services for software defined networks,” in Proc. Network & Distributed Security Symposium, San Diego, USA, 2013, pp. 319-332.
[1] | JIA Min, SHU Yuejie, GUO Qing, GAO Zihe, XIE Suofei. DDoS Attack Detection Method for Space-Based Network Based on SDN Architecture [J]. ZTE Communications, 2020, 18(4): 18-25. |
[2] | Zhi Liu, Xiang Wang, and Jun Li. From CIA to PDR: A Top-Down Survey of SDN Security for Cloud DCN [J]. ZTE Communications, 2016, 14(1): 54-60. |
[3] | Lianming Zhang, Jia Liu, and Kun Yang. Virtualized Wireless SDNs: Modelling Delay Through the Use of Stochastic Network Calculus [J]. ZTE Communications, 2014, 12(2): 50-56. |