http://dx.doi.org/10.3837/tiis.2017.04.020

An SDN based hopping multicast communication against DoS attack  

Zhao, Zheng (Zhengzhou Science and Technology Institute)
Liu, Fenlin (Zhengzhou Science and Technology Institute)
Gong, Daofu (Zhengzhou Science and Technology Institute)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.11, no.4, 2017, pp. 2196-2218
Abstract
Multicast communication has been widely used in the Internet. However, multicast communication is vulnerable to DoS attacks due to static router configuration. In this paper, HMC, a hopping multicast communication method based on SDN, is proposed to tackle this problem. HMC changes the multicast tree periodically, making it difficult for attackers to launch an accurate attack. It also decreases the probability of multicast communication being attacked by DoS while not violating the QoS constraints. The routing problem of HMC is proven to be NP-complete, and a heuristic algorithm is proposed to solve it. Experiments show that HMC can effectively resist DoS attacks on the multicast route. Theoretically, the multicast compromised probability can drop by more than 0.6 when HMC is adopted. In addition, experiments demonstrate that HMC achieves shorter average multicast delay and better robustness than the traditional method and, more importantly, defends better against DoS attacks.
Keywords
Software defined network (SDN); Moving target defense (MTD); Multicast tree; Minimum hotness tree; Game theory