http://dx.doi.org/10.3745/KTCCS.2022.11.1.23

Blocking Intelligent Dos Attack with SDN  

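Yun, Junhyeok (Hankyong University, School of Computer Applied Mathematics)
Mun, Sungsik (Hankyong University, School of Computer Applied Mathematics)
Kim, Mihui (Hankyong University, School of Computer Applied Mathematics)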
Publication Information
KIPS Transactions on Computer and Communication Systems / v.11, no.1, 2022, pp. 23-34
Abstract
As network technology has developed, its application areas have diversified, protocols for various purposes have been developed, and the amount of traffic has exploded. As a result, it is difficult for network administrators to meet the stability and security standards of the network with traditional switching and routing methods. Software Defined Networking (SDN) is a new networking paradigm proposed to solve this problem. SDN enables efficient network management by programming network operations, which has the advantage that network administrators can respond flexibly to various types of attacks. In this paper, based on these attributes of SDN, we design a threat level management module, an attack detection module, a packet statistics module, and a flow rule generator that collect attack information through the controller and switch, which are components of SDN, and detect attacks. We propose a method to block denial of service (DoS) attacks by advanced attackers by programming and applying a honeypot. In the proposed system, attack packets can be quickly delivered to the honeypot according to a modifiable flow rule, and the honeypot that receives the attack packets analyzes the intelligent attack pattern based on them. According to the analysis results, the attack detection module and the threat level management module are adjusted to respond to intelligent attacks. The performance and feasibility of the proposed system were shown by implementing it, performing intelligent attacks with various attack patterns and attack levels, and comparing its attack detection rate with that of the existing system.
Keywords
Software Defined Networking; Denial of Service Attack; Honeypot; Intelligent Attack; Adaptive System