UDM: NFV-based prevention mechanism against DDoS attack on SDN controller

Cited by: 0
Authors
Qian H. [1 ]
Xue H. [1 ]
Chen M. [1 ]
Affiliations
[1] College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing
Source
Funding
National Natural Science Foundation of China;
Keywords
Controller security; DDoS attack; SDN and NFV; Upfront detection middlebox;
DOI
10.11959/j.issn.1000-436x.2019067
CLC number
Subject classification number
Abstract
Widespread DDoS attacks have been deadly threats to software-defined networking (SDN) controllers, and no security mechanism can yet prevent them. Combining SDN and network function virtualization (NFV), a novel mechanism for preventing DDoS attacks on the SDN controller, called the upfront detection middlebox (UDM), was proposed. The upfront detection middleboxes were deployed in a distributed manner between the SDN switch interfaces and the user hosts, where DDoS attack packets were detected and denied. An NFV-based method of implementing the upfront middlebox was put forward, which made the UDM mechanism economical and effective. A prototype system based on this mechanism was implemented and many experiments were run. The experimental results show that the NFV-based UDM mechanism can detect and prevent DDoS attacks on SDN controllers effectively and in real time. © 2019, Editorial Board of Journal on Communications. All rights reserved.
Pages: 116 / 124
Page count: 8