scholarly journals DDoS attacks on data plane of software-defined network: are they possible?

2016 ◽  
Vol 9 (18) ◽  
pp. 5444-5459 ◽  
Author(s):  
Xiaotong Wu ◽  
Meng Liu ◽  
Wanchun Dou ◽  
Shui Yu
Keyword(s):  
Software Defined Network ◽  
Ddos Attacks ◽  
Data Plane

scholarly journals Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

2018 ◽  
Vol 7 (2.6) ◽  
pp. 46 ◽  
Author(s):  
Sanjeetha R ◽  
Shikhar Srivastava ◽  
Rishab Pokharna ◽  
Syed Shafiq ◽  
Dr Anita Kanavalli
Keyword(s):  
Network Architecture ◽  
Flow Rule ◽  
Software Defined Network ◽  
Ddos Attacks ◽  
Control Plane ◽  
Ddos Attack ◽  
Flow Table ◽  
Data Plane ◽  
Ddos Detection ◽  
Sdn Controller

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

IMPLEMENTASI DAN ANALISIS EFEKTIVITAS FIREWALL PADA SOFTWARE DEFINED NETWORK BERBASIS OPENFLOW

2018 ◽  
Vol 4 (2) ◽  
pp. 46-57
Author(s):  
Fathul Muiin ◽  
Henry Saptono
Keyword(s):  
Software Defined Network ◽  
Control Plane ◽  
Flow Table ◽  
Data Plane

Penggunaan akses internet di dunia semakin berkembang, dan selaras dengan perkembangan teknologi jaringan komputer yang semakin kompleks. Oleh karena itu, keamanan data pada sebuah komputer menjadi salah satu bagian yang sangat penting dalam sebuah jaringan. Dan SDN merupakan sebuah solusi untuk menyediakan kebutuhan jaringan komputer saat ini. Software Defined Network (SDN) merupakan pendekatan pada teknologi jaringan yang melakukan penyederhanaan terhadap kontrol dan manajemen jaringan. Pada jaringan ini nantinya akan menggunakan protokol openflow, yang prinsip utamanya memisahkan fungsi control plane dan data plane pada perangkat. Kontrol jaringan pada sebuah controller bersifat programmable, jadi dengan adanya SDN maka jaringan akan mudah diatur dan lebih fleksibel. Implementasi dan analisis firewall ini menggunakan emulator mininet untuk membuat topologi jaringan yang sederhana. Dalam pengujian firewall menggunakan bahasa XML untuk implementasi aliran data, lalu menggunakan aplikasi postman sebagai alat untuk menambahkan flow table baru pada switch, dan controller yang digunakan adalah opendaylight.

scholarly journals Cloud Based Data Protection in Anonymously Controlled SDN

2018 ◽  
Vol 2018 ◽  
pp. 1-8 ◽  
Author(s):  
Jian Shen ◽  
Jun Shen ◽  
Chin-Feng Lai ◽  
Qi Liu ◽  
Tianqi Zhou
Keyword(s):  
Data Protection ◽  
The Other ◽  
Software Defined Network ◽  
Storage Space ◽  
Control Plane ◽  
Conventional Model ◽  
Novel Structure ◽  
Data Plane ◽  
Single Controller ◽  
The One

Nowadays, Software Defined Network (SDN) develops rapidly for its novel structure which separates the control plane and the data plane of network devices. Many researchers devoted themselves to the study of such a special network. However, some limitations restrict the development of SDN. On the one hand, the single controller in the conventional model bears all threats, and the corruption of it will result in network paralysis. On the other hand, the data will be increasing more in SDN switches in the data plane, while the storage space of these switches is limited. In order to solve the mentioned issues, we propose two corresponding protocols in this paper. Specifically, one is an anonymous protocol in the control plane, and the other is a verifiable outsourcing protocol in the data plane. The evaluation indicates that our protocol is correct, secure, and efficient.

scholarly journals Machine-Learning-Enabled DDoS Attacks Detection in P4 Programmable Networks

2021 ◽  
Vol 30 (1) ◽  
Author(s):  
Francesco Musumeci ◽  
Ali Can Fidanci ◽  
Francesco Paolucci ◽  
Filippo Cugini ◽  
Massimo Tornatore
Keyword(s):  
Machine Learning ◽  
Real Time ◽  
Transmission Control Protocol ◽  
Denial Of Service ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Worst Case ◽  
Latency Reduction ◽  
Data Plane ◽  
Network Switches

Abstract Distributed Denial of Service (DDoS) attacks represent a major concern in modern Software Defined Networking (SDN), as SDN controllers are sensitive points of failures in the whole SDN architecture. Recently, research on DDoS attacks detection in SDN has focused on investigation of how to leverage data plane programmability, enabled by P4 language, to detect attacks directly in network switches, with marginal involvement of SDN controllers. In order to effectively address cybersecurity management in SDN architectures, we investigate the potential of Artificial Intelligence and Machine Learning (ML) algorithms to perform automated DDoS Attacks Detection (DAD), specifically focusing on Transmission Control Protocol SYN flood attacks. We compare two different DAD architectures, called Standalone and Correlated DAD, where traffic features collection and attack detection are performed locally at network switches or in a single entity (e.g., in SDN controller), respectively. We combine the capability of ML and P4-enabled data planes to implement real-time DAD. Illustrative numerical results show that, for all tested ML algorithms, accuracy, precision, recall and F1-score are above 98% in most cases, and classification time is in the order of few hundreds of $$\upmu \text {s}$$ μ s in the worst case. Considering real-time DAD implementation, significant latency reduction is obtained when features are extracted at the data plane by using P4 language. Graphic Abstract

scholarly journals ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Point Of View ◽  
Software Defined Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Control Plane ◽  
Data Plane ◽  
And Control ◽  
Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

scholarly journals Simulasi Virtual Local Area Network (VLAN) Berbasis Software Defined Network (SDN) Menggunakan POX Controller

2015 ◽  
Vol 7 (2) ◽  
pp. 129
Author(s):  
Rohmat Tulloh ◽  
Ridha Muldina Negara ◽  
Arif Nur Hidayat
Keyword(s):  
Local Area Network ◽  
Local Area ◽  
Area Network ◽  
Software Defined Network ◽  
Control Plane ◽  
Trip Time ◽  
Background Traffic ◽  
Data Plane ◽  
Pox Controller ◽  
Set Up

VLAN (Virtual LAN) merupakan sebuah teknologi yang dapat mengkonfigurasi jaringan logis independen dari struktur jaringan fisik. Hasil dari penelitian sebelumnya sudah diprediksi bahwa dibutuhkan Virtual Network yang akhirnya terciptalah VLAN. Namun paradigma jaringan saat ini tidak flexible, ketergantungan terhadap vendor sangat besar karena fungsi data plane dan control plane berada dalam satu paket device. SDN (Software defined network) yang merupakan salahsatu evolusi teknologi jaringan sesuai dengan tuntutan yang berkembang dimana memisahkan fungsi data plane dan control plane pada suatu perangkat. POX Controller digunakan untuk men-simulasikan dan menguji Platform SDN (Software defined network). Pada penelitian ini menggunakan Openflow versi 1.0 untuk memasang header VLAN sehingga penelitian ini difokuskan untuk mengevaluasi performa forwarding VLAN yang memanfaatkan Openflow sebagai control plane dapat berfungsi dengan baik. Hasil penelitian ini mengusulkan penerapan karakteristik teknologi VLAN pada SDN karena telah berjalan dengan benar sesuai hasil pengujian konektifitas, verifikasi dan keamanan. Kemudian hasil pengujian lanjutan untuk melihat pengaruh SDN dengan skenario penambahan jumlah VLAN ID didapatkan bahwa set-up time akan bertambah seiring meningkatnya jumlah host dan dengan menggunakan protokol OpenFlow, latency yang terjadi di jaringan dapat dipantau dengan parameter round trip time (RTT) yang stabil direntang 0,2 sampai 6 second walaupun jumlah vlan_id dan background traffic bertambah.

scholarly journals Proposed approach to detect distributed denial of service attacks in software defined network using machine learning algorithms

2018 ◽  
Vol 7 (2.8) ◽  
pp. 472 ◽  
Author(s):  
Shruti Banerjee ◽  
Partha Sarathi Chakraborty ◽  
. .
Keyword(s):  
Machine Learning ◽  
Denial Of Service ◽  
Learning Algorithms ◽  
Machine Learning Algorithms ◽  
Paper Machine ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Control Plane ◽  
Data Plane ◽  
And Control

SDN (Software Defined Network) is rapidly gaining importance of ‘programmable network’ infrastructure. The SDN architecture separates the Data plane (forwarding devices) and Control plane (controller of the SDN). This makes it easy to deploy new versions to the infrastructure and provides straightforward network virtualization. Distributed Denial-of-Service attack is a major cyber security threat to the SDN. It is equally vulnerable to both data plane and control plane. In this paper, machine learning algorithms such as Naïve Bayesian, KNN, K Means, K-Medoids, Linear Regression, use to classify the incoming traffic as usual or unusual. Above mentioned algorithms are measured using the two metrics: accuracy and detection rate. The best fit algorithm is applied to implement the signature IDS which forms the module 1 of the proposed IDS. Second Module uses open connections to state the exact node which is an attacker and to block that particular IP address by placing it in Access Control List (ACL), thus increasing the processing speed of SDN as a whole. 

Sign in / Sign up

Export Citation Format

Share Document