http://dx.doi.org/10.9717/kmms.2015.18.1.035

A Protection Method using Destination Address Packet Sampling for SYN Flooding Attack in SDN Environments

Bang, Gihyun (School of Electronics and Computer Engineering, Chonnam National University)
Choi, Deokjai (School of Electronics and Computer Engineering, Chonnam National University)
Bang, Sangwon (School of Computer and Information Science, Songwon University)
Abstract
SDN (Software Defined Networking) is widely regarded as the architecture of future computer networks, and DDoS (Distributed Denial of Service) remains the biggest threat in network security. In an SDN architecture, we present a technique for defending against the SYN Flooding attack, one of the DDoS attack methods. First, we monitor the Backlog queue of each server so that monitoring resources are not spent unnecessarily. If the Backlog queue of a certain server is occupied over 70%, sFlow begins sampling packets whose destination address is that server's address. To distinguish attackers from normal users, we use the source address. The SYN packet threshold is set from the remaining Backlog queue capacity, i.e. the number of connections the server can still accept. If a certain source address sends more SYN packets than the threshold, we judge that address to be an attacker, and the controller modifies the flow table entry to block the attack traffic. This method reduces the resource consumption of unnecessary monitoring and extends the protection range to all switches. Our experimental results show that the SYN Flooding attack can be prevented before the Backlog queue is fully occupied.
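As an added illustration (not the paper's code), the following Python sketch models the detection steps the abstract describes: per-server backlog monitoring, destination-keyed SYN sampling once occupancy passes 70%, and a per-source threshold equal to the remaining backlog capacity. The packet records, backlog figures and OpenFlow-style match field names are constructed assumptions.

```python
"""Added illustration (not the paper's code) of the abstract's detection logic.
All packet records, capacities and match field names are constructed sample data."""
from collections import Counter

BACKLOG_TRIGGER = 0.70  # occupancy ratio at which sampling starts (from the abstract)

def servers_to_sample(backlog):
    """backlog: {server_ip: (used_slots, capacity)} -> servers over the 70% trigger."""
    return {ip for ip, (used, cap) in backlog.items() if used / cap > BACKLOG_TRIGGER}

def syn_counts_by_source(packets, server_ip):
    """Emulate sFlow sampling keyed on destination: count SYN packets per source
    address, but only those addressed to the monitored server."""
    return Counter(p["src"] for p in packets
                   if p["dst"] == server_ip and p["flags"] == "S")

def flag_attackers(packets, backlog):
    """Return {server_ip: [attacker_ips]} using threshold = remaining backlog slots."""
    flagged = {}
    for server in servers_to_sample(backlog):
        used, cap = backlog[server]
        threshold = cap - used  # connections the server can still accept
        counts = syn_counts_by_source(packets, server)
        flagged[server] = sorted(src for src, n in counts.items() if n > threshold)
    return flagged

def block_rules(flagged):
    """Flow-table entries the controller would install (assumed OpenFlow-style
    match fields; a drop is expressed as an empty action list)."""
    return [{"match": {"eth_type": 0x0800, "ipv4_src": src, "ipv4_dst": dst},
             "actions": []}
            for dst, srcs in flagged.items() for src in srcs]

# Constructed sample state: 10.0.0.1 is 80% full, 10.0.0.2 is nearly idle.
SAMPLE_BACKLOG = {"10.0.0.1": (8, 10), "10.0.0.2": (1, 10)}
SAMPLE_PACKETS = (
    [{"src": "192.168.1.50", "dst": "10.0.0.1", "flags": "S"}] * 5   # exceeds threshold of 2
    + [{"src": "192.168.1.7", "dst": "10.0.0.1", "flags": "S"}] * 2  # within threshold
    + [{"src": "192.168.1.7", "dst": "10.0.0.1", "flags": "A"}]      # non-SYN, ignored
    + [{"src": "192.168.1.9", "dst": "10.0.0.2", "flags": "S"}] * 6  # server not sampled
)

if __name__ == "__main__":
    flagged = flag_attackers(SAMPLE_PACKETS, SAMPLE_BACKLOG)
    print(flagged)              # {'10.0.0.1': ['192.168.1.50']}
    print(block_rules(flagged))
```

Only the server over the trigger is sampled, so the burst towards 10.0.0.2 is never counted, which is the resource saving the abstract claims.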
Keywords
Software Defined Networking; OpenFlow; SYN Flooding