Generic placeholder image

International Journal of Sensors, Wireless Communications and Control

Editor-in-Chief

ISSN (Print): 2210-3279
ISSN (Online): 2210-3287

Research Article

Separating Monitoring from Control in SDN to Mitigate DDoS Attacks in Hybrid Clouds

Author(s): Tarek S. Sobh*

Volume 10, Issue 3, 2020

Page: [382 - 394] Pages: 13

DOI: 10.2174/2210327909666190515111119

Price: $65

Abstract

Background & Objective: Detecting and mitigating Distributed Denial of Service (DDoS) attacks is a serious problem. In addition, new features and network deployments such as Software- Defined Networking (SDN) may open the door for new threats that did not previously exist.

Recent publications and patent are reviewed to find new techniques developed for integrating different mechanisms to secure networks against DDoS.

Methods: This work presents a simple model for integrating different mechanisms to secure both SDN and legacy network in a hybrid cloud environment, it is called FocusON. It aims at mitigating DDoS attacks of a victim network. In addition, separating network monitoring from its control aims at mitigating DDoS attacks of a victim network. Traffic pattern analysis is apart from attack detection mechanism that gives a conceptual representation of a specific kind of DDoS attacks. DDoS detection is a completely automated process. Once called, for the reaction, the active response will be taken against the real IP source of the attacker.

The communication time overhead was tested in order to evaluate the remote server response time in case of deploying our proposed model mechanisms and without our proposed model.

Here we introduce a response mechanism that consists of an analysis of event logs, traffic patterns, and IP traceback. The proposed model categorizes the underlying network according to the location into a victim network and the source of attack (public cloud).

Results & Conclusion: The proposed model implemented in a hybrid cloud environment using the network of SDN and legacy network. The experimental setup was built using our network lab connected to the Amazon public cloud.

Keywords: Cloud computing, DDoS, legacy network, network security, SDN, traffic patterns.

Graphical Abstract
[1]
Niu HL. Novel PEECR based Clustering Routing Approach. Soft Comput 2017; 21(24): 7313-23.
[http://dx.doi.org/10.1007/s00500-016-2270-3]
[2]
Kreutz D, Ramos F, Verissimo P. Towards secure and dependable software-defined networks. Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software defined Networking. Hong Kong, China.
[3]
Giotis K, Argyropoulos G, Kalogeras D, Maglaris V. Combining openflow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 2014; 62: 122-36.
[http://dx.doi.org/10.1016/j.bjp.2013.10.014]
[4]
Fayaz SK, Tobioka Y, Sekar V. Flexible and elastic DDoS defense. Proceedings of the 24th USENIX Security Symposium. Washington, DC. 2015.
[5]
Zhang T, Zhang J. A kind of effective data aggregating method based on compressive sensing for wireless sensor network. EURASIP J Wirel Commun Netw 2018; 2018(159): 1-15.
[http://dx.doi.org/10.1186/s13638-018-1176-4]
[6]
Liu S. Novel unequal clustering routing protocol considering energy balancing based on network partition & distance for mobile education. J Netw Comput Appl 2017; 88(15): 1-9.
[7]
Zhou S. A low duty cycle efficient MAC protocol based on self-adaption and predictive strategy. Mob Netw Appl 2018; 23(4): 828-39.
[http://dx.doi.org/10.1007/s11036-017-0878-x]
[8]
Tarek SS, Elgohary A, Zaki M. Performance improvements on the network security protocols. Int J Netw Secur 2008; 6(1): 103-15.
[9]
Zhang T. Novel optimized link state routing protocol based on quantum genetic strategy for mobile learning. J Netw Comput Appl 2018; 2018(122): 37-49.
[http://dx.doi.org/10.1016/j.jnca.2018.07.018]
[10]
Subashini S, Kavitha V. A survey on security issues in service delivery models of cloud computing. J Netw Comput Appl 2011; 34: 1-11.
[http://dx.doi.org/10.1016/j.jnca.2010.07.006]
[11]
Dhawan M, Poddar R, Mahajan K. SPHINX: Detecting security attacks in software-defined networks. Proceedings of the 2015 Network and Distributed System Security (NDSS) Symposium, San Diego, California, USA..
[12]
Lochan VB, Gupta NK. Dynamic business model outsourcing for data integrity in clouds. Int J Curr Eng Technol 2015; 5(2): 935-41.
[13]
Wang B, Zheng Y, Lou W, Hou YT. DDoS attack protection in the era of cloud computing and software-defined networking. Comput Netw 2015; 81: 308-19.
[http://dx.doi.org/10.1016/j.comnet.2015.02.026]
[14]
Rebecchi F, Boite J, Nardin P, Bouet M, Conan V. Traffic monitoring and DDoS detection using stateful SDN Network Softwarization (NetSoft). 2017 IEEE Conference on IEEE, Bologna, Italy..
[15]
Farag IA, Shouman MA, Sobh TS, El-Fiqi HZ. Intelligent system for worm detection. Int Arab J E-Technol 2009; 1: 58-67.
[16]
Chen CC, Chen YR, Lu WC, Tsai SC, Yang MC. Detecting amplification attacks with software defined networking.2017 IEEE Conference on Dependable and Secure Computing. Taipei, Taiwan.
[17]
Chen C, Cui YY. New method of energy efficient subcarrier allocation based on evolutionary game theory. Mob Netw Appl 2018; 2018: 9.
[18]
D’Cruze H, Wang P, Sbeit RO, Ray A. A Software-Defined Networking (SDN) approach to mitigating DDoS attacks information technology - New generation’s advances in intelligent systems and computing. Cham: Springer 2018; Vol. 558.
[19]
Aljifri H, Smets M, Pons AIP. Traceback using header compression. Comput Secur 2013; 22(2): 136-51.
[http://dx.doi.org/10.1016/S0167-4048(03)00212-8]
[20]
Zhang D, Ge H. New multi-hop clustering algorithm for vehicular Ad Hoc networks. IEEE Trans Intell Transp Syst 2018; 2018: 7.
[21]
Liu S. Dynamic Analysis for the Average Shortest Path Length of Mobile Ad Hoc Networks under Random Failure Scenarios. IEEE Access 2019; 1.
[http://dx.doi.org/10.1109/ACCESS.2019.2896699]
[22]
Gao J. Novel approach of distributed & adaptive trust metrics for MANET. Wirel Netw 2019; 2019: 1.
[23]
Shin S, Porras P, Yegneswaran V, Fong M, Gu G, Tyson M. FRESCO: Modular composable security services for soft-ware-defined networks. Proceedings of the 20th Annual Network Distributed System Security Symposium (NDSS’13). San Diego, CA, USA. 2013.
[24]
Shin S, Yegneswaran V, Porras P, Gu G. AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks. CCS '13 Proceedings of the 2013 ACM SIGSAC conference on computer communications security, Berlin, Germany..
[25]
Shin S, Gu G. Attacking software-defined networks: A first feasibility study. Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking. Hong Kong, China. 2013.
[26]
Liu J, Lai Y, Zhang S. FL-GUARD: A detection and defense system for DDoS Attack International Conference on Cryptography, Security and Privacy. ICCSP '17: Proceedings of the 2017. International Conference on Cryptography, Security and Privacy.
[27]
François J, Dolberg L, Festor O, Engel T. Network security through software defined networking: A survey. Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm).
[http://dx.doi.org/10.1145/2670386.2670390]
[28]
Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G. Security enforcement kernel for openflow networks. HotSDN’12 Proceedings of the first workshop on Hot topics in software defined networks, Helsinki, Finland, 2012.
[29]
Kazemian P, Varghese G, McKeown N. Header space analysis: Static checking for networks. Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI’12). San Jose, CA, USA.
[30]
Kazemian P, Chang M, Zeng H, Varghese G, McKeown N, Whyte S. Real time network policy checking using header space analysis. Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI’13), Lombard, IL (near Chicago), USA..
[31]
Khurshid A, Zou X, Zhou W, Caesar M, Godfrey PB. VeriFlow: Verifying Network-wide Invariants in Real Time. USENIX, Chicago, IL, Illinois..
[32]
Hong S, Xu L, Wang H, Gu G. Chapter 8.2.2 of the book “Network security: Current status and future direction. Copyright © 2007 by the Institute of Electrical and Electronics Engineers, Inc All rights reserved. Published by John Wiley Sons, Inc., Published simultaneously in Canada, 2007.
[33]
Douligeris C, Serpanos DN. Chapter 8.2.2 of the book “Network Security: Current Status and Future DirectionCopyright © 2007 by the Institute of Electrical and Electronics Engineers, Inc All rights reserved. Published by John Wiley Sons, Inc., Published simultaneously in Canada, 2007.
[34]
Iyer S. Traffic grooming with survivability and power-efficiency in software defined elastic optical networks. J Opt 2018; 47(3): 351-65.
[http://dx.doi.org/10.1007/s12596-018-0469-7]
[35]
Kollar D, Friedman N. Probabilistic Graphical Models: Princi-ples and Techniques. London, Massachusetts, England: The MIT Press Cambridge 2009.
[36]
Chow C, Liu C. Approximating discrete probability distributions with dependence trees. IEEE Trans Inf Theory 1968; 14(3): 462-7.
[37]
Murphy KP. Machine Learning: A Probabilistic Perspective the MIT Press 2012.
[38]
Steimer A, Zubler F, Schindler K. Chow-Liu trees are sufficient predictive models for reproducing key features of functional networks of periictal EEG time-series. Neuroimage 2015; 118: 520-37.
[http://dx.doi.org/10.1016/j.neuroimage.2015.05.089] [PMID: 26070267]
[39]
Lantz B, Heller B, McKeown N. A network in a laptop: Rapid prototyping for software-defined networks. 9th ACM SIGCOMM Workshop on Hot Topics in Networks Monterey. California, USA. 2010.
[40]
Open Source Controller for Building Software-Defined Networks; 2016. Available at. http://www.projectfloodlight.org

Rights & Permissions Print Cite
© 2024 Bentham Science Publishers | Privacy Policy