http://dx.doi.org/10.3837/tiis.2019.07.019

FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks  

Huang, Meigen (Zhengzhou Information Science and Technology Institute)
Yu, Bin (Zhengzhou Information Science and Technology Institute)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.13, no.7, 2019, pp. 3671-3689
Abstract
Software-defined networking enhances the performance of wireless sensor networks but also brings unique security risks such as the control plane saturation attack. This attack is a new type of distributed denial of service (DDoS) attack that is easy to launch but difficult to detect and hard to defend against. In response, the attack threat model is first discussed, and then a DDoS attack prevention extension called FuzzyGuard is proposed. In FuzzyGuard, a control network that both protects data flow and converges attack flow is constructed in the data plane, using the idea of independent routing of control flow. Attack detection is then implemented with a fuzzy inference method that outputs the current security state of the network. Different probabilistic suppression modes are subsequently adopted to deal with the attack flow, cost-effectively reducing the impact of the attack on the network. The prototype is implemented on SDN-WISE and a simulation experiment is carried out. The evaluation results show that FuzzyGuard can effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect against the control plane saturation attack with lower resource requirements.
Keywords
Distributed denial of service; control plane saturation attack; wireless sensor networks; software-defined networking; fuzzy inference