Blocking Intelligent DoS Attack with SDN

Blocking Intelligent Denial-of-Service Attacks through Dynamic Parameter Adjustment Based on SDN and Honeypots

  • 윤준혁 (Department of Computer Applied Mathematics, Hankyong National University) ;
  • 문성식 (Department of Computer Applied Mathematics, Hankyong National University) ;
  • 김미희 (Department of Computer Applied Mathematics, Hankyong National University)
  • Received : 2021.05.24
  • Accepted : 2021.08.19
  • Published : 2022.01.31

Abstract

With the development of network technology, its application areas have diversified, protocols for many different purposes have been developed, and the volume of traffic has exploded. As a result, it is difficult for network administrators to meet the stability and security requirements of a network with traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to address this problem. SDN allows network operations to be programmed, which enables efficient network management and lets administrators respond flexibly to attacks of many kinds. In this paper we exploit these properties of SDN: attack information is collected through the SDN controller and switches, and on that basis we design and program a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator, and apply a honeypot, to propose a method that blocks denial of service (DoS) attacks by advanced attackers. In the proposed system, attack packets are quickly delivered to the honeypot according to modifiable flow rules, and the honeypot analyzes the pattern of the intelligent attack from the packets it receives. Based on the analysis results, the attack detection module and the threat level management module are adjusted so that the system can respond to intelligent attacks. We demonstrated the performance and feasibility of the proposed system by implementing it, performing intelligent attacks with a variety of attack patterns and attack levels, and comparing its attack detection rate with that of an existing system.
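As an added illustration (not code from the paper or its implementation), the following Python model shows the control loop the abstract describes: a packet statistics module counts packets per source within a window, a threat level manager maps counts to threat levels, the detection module asks the flow rule generator for a redirect-to-honeypot rule when a source reaches the blocking level, and the honeypot's analysis of the redirected traffic is fed back to tighten the detection parameter so that a slower follow-up attack is still caught. All class and function names, the threshold values, the flow rule fields and the sample traffic are assumptions made for this example.

```python
"""Toy model of the SDN + honeypot control loop described in the abstract.
Module names, thresholds, rule fields and traffic are constructed assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class ThreatLevelManager:
    # Packets per window needed to raise a source one threat level (assumed value).
    packets_per_level: int = 50
    # Threat level at which the detection module redirects the source (assumed value).
    block_level: int = 3

    def level_for(self, packet_count: int) -> int:
        return packet_count // self.packets_per_level

    def tighten(self, honeypot_rate: int) -> None:
        # Honeypot feedback: the attacker was observed sending honeypot_rate
        # packets per window. Lower the per-level step so that this rate alone
        # reaches block_level; never loosen, and never drop below 1.
        needed = max(1, honeypot_rate // self.block_level)
        self.packets_per_level = min(self.packets_per_level, needed)


@dataclass
class PacketStatistics:
    counts: dict = field(default_factory=lambda: defaultdict(int))

    def observe(self, src: str) -> None:
        self.counts[src] += 1

    def reset(self) -> None:
        self.counts.clear()


def make_redirect_rule(src: str, honeypot_port: int, priority: int = 40000) -> dict:
    # Flow rule generator: an OpenFlow-style match/action pair that sends all
    # traffic from `src` to the honeypot port. Field names are illustrative.
    return {"priority": priority, "match": {"ipv4_src": src},
            "actions": [{"output": honeypot_port}], "idle_timeout": 60}


class Controller:
    def __init__(self, tlm: ThreatLevelManager, honeypot_port: int = 9):
        self.tlm = tlm
        self.stats = PacketStatistics()
        self.honeypot_port = honeypot_port
        self.rules = {}  # src -> redirect rule currently installed

    def packet_in(self, src: str) -> None:
        self.stats.observe(src)

    def end_window(self) -> list:
        """Attack detection module: evaluate each source at the end of a window
        and return the new redirect rules that were installed."""
        new_rules = []
        for src, n in self.stats.counts.items():
            if src in self.rules:
                continue  # already redirected to the honeypot
            if self.tlm.level_for(n) >= self.tlm.block_level:
                rule = make_redirect_rule(src, self.honeypot_port)
                self.rules[src] = rule
                new_rules.append(rule)
        self.stats.reset()
        return new_rules

    def honeypot_report(self, observed_rate: int) -> None:
        """The honeypot analysed the redirected traffic; adjust the parameters."""
        self.tlm.tighten(observed_rate)


def run_scenario() -> dict:
    tlm = ThreatLevelManager(packets_per_level=50, block_level=3)
    ctl = Controller(tlm)
    # Window 1 (constructed traffic): host A floods, host C is a benign client.
    for _ in range(200):
        ctl.packet_in("10.0.0.2")
    for _ in range(30):
        ctl.packet_in("10.0.0.7")
    w1 = ctl.end_window()
    # Window 2: host B sends at a slower rate that stays below the original trigger.
    for _ in range(120):
        ctl.packet_in("10.0.0.3")
    w2 = ctl.end_window()
    # The honeypot reports that A's traffic settled at 120 packets per window.
    ctl.honeypot_report(observed_rate=120)
    # Window 3: B's unchanged rate is now caught; C is still left alone.
    for _ in range(120):
        ctl.packet_in("10.0.0.3")
    for _ in range(30):
        ctl.packet_in("10.0.0.7")
    w3 = ctl.end_window()
    redirected = lambda rules: [r["match"]["ipv4_src"] for r in rules]
    return {"w1": redirected(w1), "w2": redirected(w2), "w3": redirected(w3),
            "packets_per_level": tlm.packets_per_level}


if __name__ == "__main__":
    print(run_scenario())
```

The point of the third window is the one the abstract makes: with fixed parameters, a source sending 120 packets per window sits at level 2 and is never redirected, but once the honeypot's observation lowers the per-level step to 40, the same rate reaches level 3 and the detection module installs the redirect rule while the 30-packet client stays at level 0.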


Acknowledgement

This research was supported by the National Research Foundation of Korea (NRF) grant funded by the Korean government (Ministry of Science and ICT) in 2018 (No. 2018R1A2B6009620).

References

  1. K. Kirkpatrick, "Software-defined networking," Communitcations of ACM, Vol.56, No.9, pp.16-19, 2013. https://doi.org/10.1145/2500468.2500473
  2. J. Choi, W. Park, and K. Kook, "Analysis of the advanced persistent threat (APT) - Targeting the Korean defense industry in 2009-2012," Journal of the Korean Association of Defense Industry Studies, Vol.19, No.2, pp.73-89, 2012.
  3. Q. Yan, F. R. Yu, Q. Gong, and J. Li, "Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges," IEEE Communications Surveys & Tutorials, Vol.18, No.1, pp.602-622, 2015. https://doi.org/10.1109/COMST.2015.2487361
  4. N. Provos, "A virtual honeypot framework," in USENIX Seurity Symposium, Berkeley, CA: USENIX Association, pp.1-14, 2004.
  5. Open Networking Foundation, ONOS [Internet], https://opennetworking.org/onos.
  6. Linux Foundation, OpenvSwitch [Internet], https://www.openvswitch.org.
  7. P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, and G. Parulkar, "ONOS: towards an open, distributed SDN OS," in Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, New York: Association for Computing Machinery, pp.1-6, 2014.
  8. B. Pfaff, J. Petttit, T. Koponen, E. Jackson, A. Zhou, J. Rajahalme, and K. Amidon, "The design and implementation of open vswitch,", in 12th {USENIX} Symposium on Networked Systems Design and Implementation, Santa Clara, CA: USENIX Association, pp.117-130, 2015.
  9. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexfor, and J. Turner, "OpenFlow: Enabling innovation in campus networks," ACM SIGCOMM COmputer Communication Review, Vol.38, No.2, pp.69-74, 2008. https://doi.org/10.1145/1355734.1355746
  10. Wireshark Foundation, tshark [Internet], https://www.wireshark.org/docs/man-pages/tshark.html.
  11. Mininet Team, Mininet [Internet], http://mininet.org.
  12. K. Kaur, J. Singh, and N. S. Ghumman, "Mininet as software defined networking testing platform," in International Conference on Communication, Computing & Systems, Chennai, India: IEEE, pp.139-142, 2014.
  13. Salvatore Sanfilippo, Hping3 [Internet], http://www.hping.org.
  14. M. Agiwal, A. Roy, and N. Saxena, "Next generation 5G wireless networks: A comprehensive survey," IEEE Communications Surveys & Tutorials, Vol.18, No.3, pp.1617-1655, 2016. https://doi.org/10.1109/COMST.2016.2532458
  15. H. Kim and N. Feamster, "Improving network management with software defined networking," IEEE COmmunicatinos Magazine, Vol.51, No.2, pp.114-119, 2013.
  16. M. Casado, M. J. Feedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, "Ethane: Taking control of the enterprise," ACM SIGCOMM Computer Communication Review, Vol.34, No.4, pp.1-12, 2007. https://doi.org/10.1145/1030194.1015468
  17. D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, "Inferring internet denial-of-service activity," ACM Transactions on Computer Systems, Vol.24, No.2, pp.115-139, 2006. https://doi.org/10.1145/1132026.1132027
  18. S. T. Zargar, J. Joshi, and D. Tipper, "A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks," IEEE Communications Surveys & Tutorials, Vol.15, No.4, pp.2046-2069, 2013. https://doi.org/10.1109/SURV.2013.031413.00127
  19. T. Haq, J. Zhai, and V. K. Pidathala, "U.S. Patent No. 9,628,507," U.S. Patent and Trademark Office, 2017.
  20. Y. Choi, "Implementation of content-oriented networking architecture (CONA): a focus on DDoS countermeasure," in Proceedings of European NetFPGA Developers Workshop, Cambridge, UK: NetFPGA, 2010.
  21. X. You, Y. Feng, and K. Sakurai, "Packet In message based DDoS attack detection in SDN network using OpenFlow," in 2017 Fifth International Symposium on Computing and Networking, Aomori, Japan: IEEE, pp. 522-528, 2017.
  22. T. Sanguankotchakorn and S. K. Arugonda, "Hybrid Controller for Securing SDN from Switched DDoS and ARP Poisoning Attacks," In 2019 20th Asia-Pacific Network Operations and Management Symposium, Matsue, Japan: IEEE, pp.1-6, 2019.
  23. H. Wang and B. Wu, "SDN-based hybrid honeypot for attack capture," in 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference, Chengdu, China: IEEE, pp.1602-1606, 2019,
  24. X. Liu, H. Xue, X. Feng, and Y. Dai, "Design of the multi-level security network switch system which restricts covert channel," in 2011 IEEE 3rd International Conference on Communication Software and Networks, Xi'an, China: IEEE, pp.233-237. 2011.
  25. T. Lotlikar and D. Shah, D. "A defense mechanism for DoS attacks in SDN (Software Defined Network)," in 2019 International Conference on Nascent Technologies in Engineering, Maltepe, Turkey: IEEE, pp.1-7, 2019.
  26. Y. Kim, S. Ahn, N. C. Thang, D. Choi, and M. Park, "ARP poisoning attack detection based on ARP update state in software-defined networks," in 2019 International Conference on Information Networking, Kuala Lumpur, Malaysia: IEEE, pp.366-371, 2019.
  27. C. Y. J. Chiang, Y. M. Gottlieb, S. J. Sugrim, R. Chadha, C. Serban, A. Poylisher, and J. Santos, "ACyDS: An adaptive cyber deception system," in 2016 IEEE Military Communications Conference, Baltimore, MD: IEEE, pp.800-805, 2016.
  28. Z. Zha, A. Wang, Y. Guo, D. Montgomery, and S. Chen, "Instrumenting open vSwitch with monitoring capabilities: designs and challenges," in Proceedings of the Symposium on SDN Research, New York: Association for Computing Machinery, pp.1-7, 2018.
  29. Y. Tian, V. Tran, and M. Kuerban, "DOS attack mitigation strategies on SDN controller," in 2019 IEEE 9th Annual Computing and Communication Workshop and Conference, Nevada, LA: IEEE, pp.701-707, 2019.
  30. M. Kuerban, Y. Tian, O. Yang, Y. Jia, B. Huebert, and D. Poss, "FlowSec: DOS attack mitigation strategy on SDN controller," in 2016 IEEE International Conference on Networking, Architecture and Storage, Long Beach, CA: IEEE, pp.1-2, 2016.