Detection and mitigation of DDOS attacks in Software Defined Networks using the Jeffrey distance

Authors

1 Department of Computer, Science and Research branch, Islamic Azad University, Tehran, Iran

2 Department of Science and Technology, University of Shahid Sattari, Tehran, Iran

Abstract

Recently, software defined networks have wide applications on the Internet in order to optimize the use of bandwidth and better traffic management. In Software Defined Network (SDN), the control plane and data plane of the networks are decoupled. In this architecture, the control plane, centrally manages switches by an special server named controller. In SDN, the controller is so vulnerable to DDOS attacks. By injecting spoofed request packets continuously, attackers make a burdensome process which cause the controller to be unreachable and thus denial of services for legitimate users. Due to the augmented impact of these attacks on the software defiend networks rather than traditional networks, need for protection of such network against the attack is very much important. In this paper we will review and simulate DDOS attacks on SDN. We afterward propose a novel detection and mitigation algorithm which takes advantage of unique features of the SDN architecture. In this algorithm, for detecting DDOS attacks in SDN a statistical method based on Jeffrey distance is used. We created the necessary infrastructure for software-driven network and evaluated the proposed method using Mininet simiulator on the Linux operating system. Our experiments performed in the simulator, showed the efficiency of the proposed method and its superiority compared to previous approaches.

Keywords


[1] S.Shin , G.Gu, “Attacking software-defined networks: A first feasibility study.” Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, Hong Kong, China, August, 2013.   
[2] S.Sezer, S.Scott-Hayward, P.K.Chouhan, B.Lake and D.Finnegan,“Are we ready for SDN? Implementation challenges for software-defined networks.” IEEE Communications Magazine,vol.51,no.7, pp.36-43, Aug, 2013.
[3] N.McKeown, T.Anderson, H.Balakrishnan, G.Parulkar, L.Peterson, J.Rexford and J.Turner, “OpenFlow: enabling innovation in campus networks.” ACM SIGCOMM Computer Communication Review,vol. 38,no.2, pp.69-74,Feb, 2008.
[4] P.Porras, S.Shin, V.Yegneswaran, M.Fong, M.Tyson, and G.Gu, “A security enforcement kernel for OpenFlow networks.” In Proceedings of the first workshop on Hot topics in software defined networks ,pp. 121-126, ACM, Helsinki, Finland, August,2012.
[5] J.Mirkovic, P.Reiher, “A taxonomy of DDoS attack and DDoS defense mechanisms.” ACM SIGCOMM Computer Communication Review, vol.34,no.2,pp. 39-53, 2004.
[6] Y.Nayana, M.JustinGopinath and L.Girish, “DDoS Mitigation using Software Defined Network.” International Journal of Engineering Trends and Technology (IJETT) , vol. 24 ,no. 5, June,2015.  
[7] M.Karami, D.McCoy, “Understanding the emerging threat of ddos-as-a-service.” In Presented as part of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats, Washington, D.C, 2013.  
[8] N.N.Dao, J.Park, M.Park and S.Cho, “A feasible method to combat against DDoS attack in SDN network.” In  International Conference on Information Networking (ICOIN),  pp. 309-311, IEEE, Cambodia, January, 2015.
[9] L.Hongbin, Y.Lin, H.Zhang and M. Zukerman, “Preventing DDoS attacks by identifier/locator separation.” In IEEE network, vol.27, no.6, pp.60-65, Nov, 2013.
[10] T.Peng, C.Leckie, K.Ramamohanarao, “Proactively detecting distributed denial of service attacks using source IP address monitoring.” In International Conference on Research in Networking ,Springer Berlin Heidelberg, pp. 771-782,  May, 2014.
[11] T.Andrysiak, L. Saganowski, “DDoS Attacks Detection by Means of Statistical Models.” In Proceedings of the 9th International Conference on Computer Recognition Systems CORES, Springer International Publishing, PP. 797-806, Nov, 2015.
[12] T. Thapngam, S. Yu, W. Zhou and S.K. Makki ,“ Distributed Denial of Service (DDoS) detection by traffic pattern analysis.” In Peer-to-peer networking and applications, vol.7, no.4, Dec, 2014.
[13] Z.Tan, A. Jamdagni, P. Nanda and R.P. Liu, “A system for denial-of-service attack detection based on multivariate correlation analysis.” In IEEE transactions on parallel and distributed systems, vol. 25, no.2, pp.447-456, Feb, 2014.
[14] Y.Chen, X. Ma and X. Wu, “DDoS detection algorithm based on preprocessing network traffic predicted method and chaos theory.” IEEE Communications Letters, vol.17, no.5, pp.1052-1054, May,2013.
[15] M.Xinlei, C. Yonghong, “DDoS detection method based on chaos analysis of network traffic entropy.” IEEE Communications Letters, vol.18, no.1, pp.114-117, Jan,2014.
[16] H.Sengar, H.Wang, D.Wijesekera and S.Jajodia, “Detecting VoIP floods using the Hellinger distance.” IEEE transactions on parallel and distributed systems, vol.19, no.6, pp.794-805,2008.
[17] R.Kandoi, M. Antikainen, “Denial-of-service attacks in OpenFlow SDN networks.” In IFIP/IEEE International Symposium on Integrated Network Management (IM) , pp. 1322-1326, May, 2015.
[18] M.Ramadas, S.Ostermann and B.Tjaden, “Detecting anomalous network traffic with self-organizing maps.” In International Workshop on Recent Advances in Intrusion Detection, , pp. 36-54, Springer Berlin Heidelberg, September ,2003. 
[19] M.Suh, S.H.Park, B.Lee and S.Yang, “Building firewall over the software-defined network controller.” In 16th International Conference on Advanced Communication Technology, pp. 744-748, IEEE, Ireland,  Feb, 2014.
[20] H. Taejin, Y. Seunghyun, A.C. Risdianto,J.W. Kim and H. Lim, “Suspicious Flow Forwarding for Multiple Intrusion Detection Systems on Software-Defined Networks.”  In IEEE Network, vol.30, no.6, pp. 22-27, Nov, 2016.
[21] M.Duohe,X. Zhen and L. Dongdai “Defending blind DDoS attack on SDN based on moving target defense.”  In International Conference on Security and Privacy in Communication Systems, Springer International Publishing, pp. 463-480, Beijing, China, Sep, 2014.
[22] S.M.Mousavi, M.St-Hilaire, “Early detection of DDoS attacks against SDN controllers.” In Computing, Networking and Communications (ICNC), pp. 77-81, International Conference on IEEE, California, USA, February,2015.
[23] S.Scott-Hayward, G.O'Callaghan and S.Sezer, “Sdn security: A survey.” In Future Networks and Services (SDN4FNS), 2013 IEEE SDN , pp. 1-7, November,2013.
[24] M.Casado, M.Freedman, J.Pettit, J.Luo, N.McKeown and S.Shenker, “Ethane: taking control of the enterprise.” In ACM SIGCOMM Computer Communication Review, Vol. 37, No. 4, pp. 1-12,  ACM, August,2007.
[25] C.Buragohain,  N.Medhi, “FlowTrApp: An SDN based architecture for DDoS attack detection and mitigation in data centers.” In Signal Processing and Integrated Networks (SPIN), 2016 3rd International Conference, pp. 519-524, IEEE, NOIDA, India, February, 2016.
[26] S.Oshima, T.Nakashima and T.Sueyoshi, “Early DoS/DDoS detection method using short-term statistics.” In Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on IEEE, pp. 168-173, Krakow, Poland, February, 2010.
[27] محمد مؤمنی، مهدی آقا صرام، وحید شاکر، شهرام جمالی و مهدی نوشیار، «ارائه یک فیلتر جدید برای حذف نویزهای ضربه‌ای و ترکیب فیلتر پیشنهادی با الگوریتم PSO به‌منظور کشف و دفاع در برابر حملات سیل آسای SYN» مجله مهندسی برق دانشگاه تبریز، جلد 46، شماره 1، صفحات 311-319، 1395.
[28] I.Alsmadi, D.Xu, “Security of software defined networks: A survey.” computers & security, vol.53,pp. 79-108,Feb, 2015.
[29] یاسر عظیمی، وحید هاشمی فرد و جمشید باقرزاده، «تشخیص توزیع شده و مشارکتی حمله کرم چاله در شبکه‌های حسگر بی سیم،» مجله مهندسی برق دانشگاه تبریز، جلد 46، شماره 4، صفحات 206-195، 1395.
[30] L.Le Cam, G.L.Yang, Asymptotics in statistics: some basic concepts. Springer Science & Business Media. 2012.  
[31] G.McLachlan, Discriminant analysis and statistical pattern recognition. John Wiley & Sons, Vol. 544, Aug, 2004.
[32] J.F.Kurose, K.W.Ross, Computer networking: a top-down approach. Addison Wesley, 2007.   
[33] B.Lantz, B.Heller and N.McKeown, “A network in a laptop: rapid prototyping for software-defined networks.” In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks ACM, p. 19, Monterey, CA, USA,   October, 2010.
[34] S. Oshima, T. Nakashima and T. Sueyoshi “Early DoS/DDoS detection method using short-term statistics.” In Complex, Intelligent and Software Intensive Systems (CISIS), 2010 International Conference on, pp. 168-173. IEEE, Krakow, Poland,  Feb,2010.