Abstract
Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service” (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Addley, E., Halliday, J.: WikiLeaks supporters disrupt Visa and MasterCard sites in ‘Operation Payback’s, http://www.theguardian.com/world/2010/dec/08/wikileaks-visa-mastercard-operation-payback/ (accessed on January 13, 2015)
Greenberg, A.: WikiLeaks Supporters Aim Cyberattacks At PayPal, http://www.forbes.com/sites/andygreenberg/2010/12/06/wikileaks-supporters-aim-cyberattacks-at-paypal/ (accessed on January 13, 2015)
Markoff, J., Pelroth, N.: Firm Is Accused of Sending Spam, and Fight Jams Internet, http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?_r=0 (accessed on January 13, 2015)
Musil, S.: Record-breaking DDoS attack in Europe hits 400Gbps, http://www.cnet.com/news/record-breaking-ddos-attack-in-europe-hits-400gbps/ (accessed on January 13, 2015)
Olson, P.: The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites, http://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/ (accessed on January 13, 2015)
Zimmermann, H.: OSI reference model–The ISO model of architecture for open systems interconnection. IEEE Transactions on Communications 28(4), 425–432 (1980)
Karami, M., McCoy, D.: Understanding the Emerging Threat of DDoS-as-a-Service. In: Proceedings of the 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET 2013 (2013)
Prolexic, A.: Prolexic: DDoS Protection and Mitigation, http://www.prolexic.com/ (accessed on January 13, 2015)
CloudFlare: CloudFlare: The web performance & security company, http://www.cloudflare.com/ (accessed on January 13, 2015)
Verisign: Verisign: Internet Security and Web Domain Names, http://www.verisigninc.com/ (accessed on January 13, 2015)
Shenker, S., Casado, M., Koponen, T., McKeown, N.: The future of networking, and the past of protocols, Presented at the Open Networking Summit (2011)
Bezerra, J.A.: Migrating AmLight from legacy to SDN: Challenges, Results and Next Step, Presented at NANOG 63 (2015)
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J.: OpenFlow: enabling innovation in campus network. ACM SIGCOMM Computer Communication Review 38(2), 69–74 (2008)
François, J., Dolberg, L., Festor, O., Engel, T.: Network Security through Software Defined Networking: a Survey. In: Proceedings of the 7th ACM Conference on Principles, Systems and Applications of IP Telecommunications, IPTComm 2014 (2014)
Vizváry, M., Vykopal, J.: Future of DDoS Attacks Mitigation in Software Defined Networks. In: Sperotto, A., Doyen, G., Latré, S., Charalambides, M., Stiller, B. (eds.) AIMS 2014. LNCS, vol. 8508, pp. 123–127. Springer, Heidelberg (2014)
Sezer, S., Scott-Hayward, S., Kaur, P.C., Fraser, B., Lake, D., Finnegan, J., Viljoen, N., Miller, M., Roa, N.: Are We Ready for SDN? Implementation Challenges for Software-Defined Networks. ACM SIGCOMM Computer Communication Review 51(7), 36–43 (2013)
Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (2013)
Juniper: Junos OS: Network operating system for routing, switching, and security, http://www.juniper.net/us/en/products-services/nos/junos/ (accessed on January 22, 2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Jonker, M., Sperotto, A. (2015). Mitigating DDoS Attacks Using OpenFlow-Based Software Defined Networking. In: Latré, S., Charalambides, M., François, J., Schmitt, C., Stiller, B. (eds) Intelligent Mechanisms for Network Configuration and Security. AIMS 2015. Lecture Notes in Computer Science(), vol 9122. Springer, Cham. https://doi.org/10.1007/978-3-319-20034-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-319-20034-7_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-20033-0
Online ISBN: 978-3-319-20034-7
eBook Packages: Computer ScienceComputer Science (R0)