An SDN based hopping multicast communication against DoS attack

  • Zhao, Zheng (Zhengzhou Science and Technology Institute)
  • Liu, Fenlin (Zhengzhou Science and Technology Institute)
  • Gong, Daofu (Zhengzhou Science and Technology Institute)
  • Received : 2016.09.20
  • Accepted : 2017.01.03
  • Published : 2017.04.30

Abstract

Multicast communication has been widely used in the Internet. However, multicast communication is vulnerable to DoS attacks due to static router configuration. In this paper, HMC, a hopping multicast communication method based on SDN, is proposed to tackle this problem. HMC changes the multicast tree periodically, making it difficult for attackers to launch an accurate attack. It also decreases the probability of multicast communication being attacked by DoS, while the QoS constraints are not violated. In this research, the routing problem of HMC is proven to be NP-complete and a heuristic algorithm is proposed to solve it. Experiments show that HMC can effectively resist DoS attacks on the multicast route. Theoretically, the multicast compromised probability can drop by more than 0.6 when HMC is adopted. In addition, experiments demonstrate that HMC achieves shorter average multicast delay and better robustness compared with the traditional method and, more importantly, defends better against DoS attacks.

Acknowledgement

Supported by: National Natural Science Foundation of China, Central Universities

Cited by

  1. Validating User Flows to Protect Software Defined Network Environments, vol. 2018, 2017, https://doi.org/10.1155/2018/1308678