TY - JOUR
T1 - DeMi: a Solution to Detect and Mitigate DoS Attacks in SDN
AU - Eliyan, Lubna Fayez
AU - Di Pietro, Roberto
N1 - KAUST Repository Item: Exported on 2023-08-07
Acknowledgements: The publication of this article was partially funded by the award Thematic Research Grant Program, grant VPR-TG01-009, from Hamad Bin Khalifa University (HBKU), Office of the Vice President for Research, Doha, Qatar. Dr. Roberto Di Pietro produced part of his contribution while at HBKU-CSE
PY - 2023/8/4
Y1 - 2023/8/4
N2 - Software-defined networking (SDN) is becoming more and more popular due to its key features of scalability and flexibility, simplifying network management and enabling innovations in the network architecture and protocols. In SDNs, the most crucial part is the controller, tasked with managing the entire network and configuring routes. Given its critical role, a failure or problem occurring at the controller may degrade and even collapse the entire SDN. A typical threat controllers are subject to is a Denial of Service (DoS) attack. To cope with the above-introduced threat, in this paper we propose a lightweight DoS attack detection and mitigation method (DeMi) as well as a heavy-load management module. The proposed solution for detection leverages a sample entropy approach coupled with an adaptive dynamic threshold considering an exponentially weighted moving average (EWMA); the mitigation approach is based on proof of work (PoW) combined with flow rule installations; and, the heavy-load management method implements a scheduling approach at the SDN controller. Results are staggering: for instance, when DeMi is deployed, in an attack scenario the number of exchanged control packets is roughly similar to the attack-free scenario—without DeMi, the number of control packets in the network is 2,7 times more than what experienced in an attack-free setting. As per the number of re-transmitted packets, again, DeMi is able to achieve a re-transmission rate similar to an attack-free scenario—without DeMi the of packets that need to be re-transmitted is roughly 3,7 times the number of packets re-transmission occurring in an attack-free scenario. Moreover, DeMi does not block legitimate traffic, contrary to other solutions in the literature. The novelty of the approach, the demonstrated complete end-to-end solution, and the quality of the achieved experimental results, other than being interesting on their own, do pave the way for further research in this field.
AB - Software-defined networking (SDN) is becoming more and more popular due to its key features of scalability and flexibility, simplifying network management and enabling innovations in the network architecture and protocols. In SDNs, the most crucial part is the controller, tasked with managing the entire network and configuring routes. Given its critical role, a failure or problem occurring at the controller may degrade and even collapse the entire SDN. A typical threat controllers are subject to is a Denial of Service (DoS) attack. To cope with the above-introduced threat, in this paper we propose a lightweight DoS attack detection and mitigation method (DeMi) as well as a heavy-load management module. The proposed solution for detection leverages a sample entropy approach coupled with an adaptive dynamic threshold considering an exponentially weighted moving average (EWMA); the mitigation approach is based on proof of work (PoW) combined with flow rule installations; and, the heavy-load management method implements a scheduling approach at the SDN controller. Results are staggering: for instance, when DeMi is deployed, in an attack scenario the number of exchanged control packets is roughly similar to the attack-free scenario—without DeMi, the number of control packets in the network is 2,7 times more than what experienced in an attack-free setting. As per the number of re-transmitted packets, again, DeMi is able to achieve a re-transmission rate similar to an attack-free scenario—without DeMi the of packets that need to be re-transmitted is roughly 3,7 times the number of packets re-transmission occurring in an attack-free scenario. Moreover, DeMi does not block legitimate traffic, contrary to other solutions in the literature. The novelty of the approach, the demonstrated complete end-to-end solution, and the quality of the achieved experimental results, other than being interesting on their own, do pave the way for further research in this field.
UR - http://hdl.handle.net/10754/693457
UR - https://ieeexplore.ieee.org/document/10208213/
U2 - 10.1109/access.2023.3301994
DO - 10.1109/access.2023.3301994
M3 - Article
SN - 2169-3536
SP - 1
EP - 1
JO - IEEE Access
JF - IEEE Access
ER -