Abstract
At present cloud computing environment, DDoS attacks have become a weapon for the illegitimate user’s as well as for the cyber terrorists. These attacks have the capability to disrupt large scale network infrastructure. Despite the various traditional DDoS mitigation techniques that exist present, DDoS attacks are rapidly growing in volume, frequency, and severity. This entitles for advance network architecture to represent the requirements of the present security challenge. Software-defined networking (SDN) is the new cloud-based networking paradigm which is rapidly gaining attention to the researchers to address the need of today’s data-centers—considering of functionalities of SDN-based platform, the proposed survey study providing comprehensive knowledge on prior SDN-based DDoS attack detection and mitigation strategies. This paper classifies solution strategies based on DDoS detection and mitigation techniques. Also, discussing current technologies to defend the DDoS attacks followed by future research direction to address the certain challenges identified in the research gap from existing studies. This paper is meant to brief about the existing system and practical approaches to solving such problems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Arbor Networks: Worldwide Infrastructure Security Report Volume XI (2015)
Ottis, R.: Analysis of the 2007 cyber attacks against Estonia from the information warfare perspective. In: Proceedings of the 7th European Conference on Information Warfare, p. 163 (2008)
Bangladesh Bank Heist (2016). https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist
European renewable power grid rocked by cyber-attack. EurActiv (2012). https://www.euractiv.com/section/energy/news/European-renewable-power-grid-rocked-by-cyber-attack/
Musil, S.: Record-breaking DDoS attack in Europe hits ps. CNET (2014). http://www.cnet.com/news/recordbreakingDDoS-attack-in-Europe-hits-400gbps/
Hoque, N., Bhattacharyya, D., Kalita, J.: Botnet in DDoS attacks: trends and challenges. IEEE Commun. Surv. Tutor. 99, 1 (2015)
Arbor Networks Inc. http://www.arbornetworks.com
Arbor networks detect largest ever DDoS attack in Q1 2015 DDoS report. In: Arbor Networks (2015). http://www.bornetworks.com/arbor-networks-detects-largest-ever-ddosattack-in-q1-2015-ddos-report
Jain, S., et al.: B4: experience with a globally-deployed software defined WA. ACM SIGCOMM Comput. Commun. Rev. 43(4), 3–14 (2013)
Technol, I.: Secure and Dependable SDNs, February 2016 (2015)
The State of Security. https://www.tripwire.com/state-of-security/security-data-protection/cloud/top-cloud-security-threats/. Accessed 20 Sept 2018
Archer, J., Boehme, A., Cullinane, D., Kurtz, P., Puhlmann, N., Reavis, J.: Top Threats to cloud computing, Version 1.0. cloud security alliance (2010)
Kulkarni, G., Gambhir, J., Patil, T., Dongare, A.: A security aspects in cloud computing. In: IEEE 3rd International Conference on Software Engineering and Service Science (ICSESS), pp. 547–550 (2012)
Zhou, M., Zhang, R., Xie, W., Qian, W., Zhou, A.: Security and privacy in cloud computing a survey. In: International Conference on Semantics Knowledge and Grid (SKG), pp. 105–112 (2010)
Bhardwaj, A., Kumar, V.: Cloud security assessment and identity management. In: 14th International Conference on Computer and Information Technology, pp. 387–392 (2011)
Bisson, D.: DDoS attacks increased by 180% compared to 2014, reveals Akamai report. The State of Security, 14 January 2016
Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39(1), 3-es (2007)
Czyz, J., Kallitsis, M., Papadopoulos, C., Bailey, M.: Taming the 800 Pound Gorilla: the rise and decline of NTP DDoS attacks. In: IMC, pp. 435–448 (2014)
Zargar, S.T., Joshi, J., Tipper, D., Member, S.: Asurvey of defense mechanisms against distributed denial of service (DDoS). IEEE Commun. Surv. Tutor. 15(4), 2046–2069 (2013)
Kaufman, C., Perlman, R., Sommerfeld, B.: DoS protection for UDP-based protocols. In: Proceedings of the 10th ACM Conference on Computer and Communication Security, CCS 2003, p. 2 (2003)
Yan, Q., Yu, F.R.: Distributed denial of service attacks in softwaredefined networking with cloud computing. IEEE Commun. Mag. 53(4), 52–59 (2015)
Zhang, J., Qin, Z., Ou, L., Jiang, P., Liu, J., Liu, A.X.: An advanced entropy-based DDoS detection scheme. In: 2010 International Conference on Information, Networking and Automation (ICINA), Kunming, pp. V2-67–V2-71 (2010)
David, J., Thomas, C.: DDoS attack detection using fast entropy approach on flow-based network traffic. Procedia Comput. Sci. 50, 30–36 (2015)
Wang, R., Jia, Z., Ju, L.: An entropy-based distributed DDoS detection mechanism in software-defined networking. In: 2015 IEEE Trustcom/BigDataSE/ISPA, pp. 310–317 (2015)
Fiadino, P., Alconzo, A.D., Schiavone, M., Casas, P.: Challenging entropy-based anomaly detection and diagnosis in cellular networks. In: Proceedings of the 2015 ACM Conference on Special Interest Group on Data Communication (2015)
Javed, M., Ashfaq, A.B., Shafiq, M.Z., Khayam, S.A.: On the inefficient use of entropy for anomaly detection. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). LNCS, vol. 5758, pp. 369–370 (2009)
Karimazad, R., Faraahi, A.: An anomaly-based method for DDoS attacks detection using RBF neural networks. In: Proceedings of the International Conference on Network and Electronics Engineering, pp. 16–18 (2011)
Zhong, R., Yue, G.: DDoS detection system based on data mining. In: Proceedings of the 2nd International Symposium on Networking and Network Security, Jinggangshan, China, pp. 2–4 (2010)
Wu, Y.-C., Tseng, H.-R., Yang, W., Jan, R.-H.: DDoS detection and traceback with decision tree and grey relational analysis. Int. J. Ad Hoc Ubiquit. Comput. 7(2), 121–136 (2011)
Li, J., Liu, Y., Gu, L.: DDoS attack detection based on neural network. In: 2nd International Symposium on Aware Computing (ISAC), pp. 196–199. IEEE (2010)
Akilandeswari, V., Shalinie, S.M.: Probabilistic neural network based attack traffic classification. In: Fourth International Conference on Advanced Computing (ICoAC), pp. 1–8. IEEE (2012)
Chen, J.-H., Zhong, M., Chen, F.-J., Zhang, A.-D.: DDoS defense system with turing test and neural network. In: IEEE International Conference on Granular Computing (GrC), pp. 38–43. IEEE (2012)
Li, H., Liu, D.: Research on intelligent intrusion prevention system based on snort. In: International Conference on Computer, Mechatronics, Control and Electronic Engineering (CMCE), vol. 1, pp. 251–253. IEEE (2010)
Yen, T.-F., Reiter, M.K.: Traffic aggregation for malware detection. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 207–227. Springer, Heidelberg (2008)
Shin, S., Porras, P., Yegneswaran, V., Fong, M., Gu, G., Tyson, M., Texas, A., Station, C., Park, M.: Fresco: modular composable security services for software-defined networks. In: Network and Distributed System Security Symposium, pp. 1–16 (2013)
Jin, R., Wang, B.: Malware detection for mobile devices using software-defined networking. In: Proceedings of the 2013 Second GENI Research and Educational Experiment Workshop, GREE 2013, pp. 81–88. IEEE, Washington (2013)
Agarwal, B., Mittal, N.: Hybrid approach for detection of anomaly network traffic using data mining techniques. Procedia Technol. 6, 996–1003 (2012)
Gupta, B., Misra, M., Joshi, R.C.: An ISP level solution to combat DDoS attacks using combined statistical based approach. arXiv preprint arXiv:1203.2400 (2012)
Thapngam, T., Yu, S., Zhou, W., Beliakov, G.: Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. In: IEEE Conference on Computer Communications Workshops, Shanghai, China, 10–15 April. IEEE (2011)
Ali, S.T., Sivaraman, V., Radford, A., Jha, S.: Asurvey of securing networks using software defined networking. IEEE Trans. Reliab. 64(3), 1086–1097 (2015)
Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., Maglaris, V.: Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62, 122–136 (2014)
Dillon, C., Berkelaar, M.: OpenFlow (D) DoS Mitigation. Technical Report, February 2014. http://www.delaat.net/rp/2013-2014/p42/report.pdf
Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: ASDN-oriented DDoS blocking scheme for botnet-based attacks. In: Sixth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 63–68. IEEE (2014)
Chin, T., Mountrouidou, X., Li, X., Xiong, K.: Selective packet inspection to detect DoS flooding using software defined networking (SDN). In: 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops (ICDCSW), pp. 95–99. IEEE (2015)
Chung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D.: NICE: Network intrusion detection and countermeasure. IEEE Trans. Dependable Secure Comput. 10(4), 198–211 (2013)
Xing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P.: SnortFlow: a OpenFlow-based intrusion prevention system in cloud environment. In: Proceedings of the 2013 2nd GENI Research and Educational Experiment Workshop, GREE 2013, pp. 89–92 (2013)
Denial-of-Service (DoS) Secured Virtual Tenant Networks (VTN). As Whitepaper by Radware and NEC Corporation (2012)
Real-time DDoS Protection. As HP and Radware solution brief (2014)
SDN Analytics for DDoS Mititgation—Solving Real World Enterprise Problem Today. As Application note by Alcatel Lucent Enterprise (2013)
Real-time SDN and NFV Analystics for DDoS Mitigation. by Brocade Communication System (2014)
Krishnan, R., Durrani, M., Pal, P.: Real-time SDN Analytics for DDoS Mitigation. As Article by Brocade Communications (2014)
Mousavi, S.M.: Early Detection of DDoS Attacks in Software Defined Networks Controller. As Thesis Report (2014)
Dillon, C., Berkelaar, M.: OpenFlow DDoS Mitigation 2014. Technical report, February 2014. http://www.delaat.net/rp/2013-2014
Wang, H., Xu, L., Gu, G.: OF-GUARD: a DoS attack prevention extension in software-defined networks. Open Network Summit, USENIX (2014)
Sahay, R., Blanc, G., Zhang, Z., Debar, H.: Towards autonomic DDoS mitigation using software defined networking. In: NDSS Workshop on Security of Emerging Networking (SENT) (2015)
Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: A SDN-oriented DDoS blocking scheme for botnet-based attacks. In: Sixth International Conference on Ubiquitous and Future Networks (ICUFN), pp. 63–68. IEEE (2014)
Oktian, Y.E., Lee, S., Lee, H.: Mitigating denial of service (DoS) attacks in OpenFlow networks. In: ICTC. IEEE (2014)
Kalliola, A., Lee, K., Lee, H., Aura, T.: Flooding DDoS mitigation and traffic management with software defined networking. In: 4th International Conference on Cloud Networking (CloudNet), pp. 248–254. IEEE (2015)
Wang, R., Jia, Z., Ju, L.: An entropy-based distributed DDoS detection mechanism in software-defined networking. In: Trustcom/BigDataSE/ISPA. IEEE (2015)
Alcorn, J.A., Chow, C.E.: A framework for large-scale modeling and simulation of attacks on an OpenFlow network. In: 2014 23rd International Conference on Computer Communication and Networks (ICCCN), Shanghai, pp. 1–6 (2014)
Kalliola, A., Lee, K., Lee, H., Aura, T.: Flooding DDoS mitigation and traffic management with software defined networking. In: 2015 IEEE 4th International Conference on Cloud Networking (CloudNet), Niagara Falls, ON, pp. 248–254 (2015)
Chin, T., Mountrouidou, X., Li, X., Xiong, K.: An SDN-supported collaborative approach for DDoS flooding detection and containment. In: 2015 IEEE Military Communications Conference, MILCOM 2015, Tampa, FL, pp. 659–664 (2015)
Giotis, K., Apostolaki, M., Maglaris, V.: A reputation-based collaborative schema for the mitigation of distributed attacks in SDN domains. In: 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, pp. 495–501 (2016)
Furdek, M., et al.: An overview of security challenges in communication networks. In: 2016 8th International Workshop on Resilient Networks Design and Modeling (RNDM), Halmstad, pp. 43–50 (2016)
Sattar, D., Matrawy, A., Adeojo, O.: Adaptive bubble burst (ABB): mitigating DDoS attacks in software-defined networks. In: 2016 17th International Telecommunications Network Strategy and Planning Symposium (Networks), Montreal, QC, 2016, pp. 50–55 (2016)
Passito, A., Mota, E., Bennesby, R., Fonseca, P.: AgNOS: a framework for autonomous control of software-defined networks. In: 2014 IEEE 28th International Conference on Advanced Information Networking and Applications, Victoria, BC, pp. 405–412 (2014)
Mowla, N.I., Doh, I., Chae, K.: Multi-defense mechanism against DDoS in SDN based CDNi. In: 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, Birmingham, pp. 447–451 (2014)
Wang, B., Zheng, Y., Lou, W., Hou, Y.T.: DDoS attack protection in the era of cloud computing and software-defined networking. In: 2014 IEEE 22nd International Conference on Network Protocols, Raleigh, NC, pp. 624–629 (2014)
Giotis, K., Androulidakis, G., Maglaris, V.: Leveraging SDN for efficient anomaly detection and mitigation on legacy networks. In: 2014 Third European Workshop on Software Defined Networks, Budapest, pp. 85–90 (2014)
Ashraf, J., Latif, S.: Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques. In: 2014 National Software Engineering Conference, Rawalpindi, pp. 55–60 (2014)
Krylov, V., Kravtsov, K., Sokolova, E., Lyakhmanov, D.: SDI defense against DDoS attacks based on IP Fast Hopping method. In: 2014 International Science and Technology Conference (Modern Networking Technologies) (MoNeTeC), Moscow, pp. 1–5 (2014)
Mihai-Gabriel, I., Victor-Valeriu, P.: Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI), Budapest, pp. 319–324 (2014)
Nguyen Tri, H.T., Kim, K.: Assessing the impact of resource attack in Software Defined Network. In: 2015 International Conference on Information Networking (ICOIN), Cambodia, pp. 420–425 (2015)
Kokila, R.T., Thamarai Selvi, S., Govindarajan, K.: DDoS detection and analysis in SDN-based environment using support vector machine classifier. In: 2014 Sixth International Conference on Advanced Computing (ICoAC), Chennai, pp. 205–210 (2014)
Dharma, N.I.G., Muthohar, M.F., Prayuda, J.D.A., Priagung, K., Choi, D.: Time-based DDoS detection and mitigation for SDN controller. In: 2015 17th Asia-Pacific Network Operations and Management Symposium (APNOMS), Busan, pp. 550–553 (2015)
Wang, X., Chen, M., Xing, C.: SDSNM: a software-defined security networking mechanism to defend against DDoS attacks. In: 2015 Ninth International Conference on Frontier of Computer Science and Technology, Dalian, pp. 115–121 (2015)
Luo, S., Wu, J., Li, J., Pei, B.: A defense mechanism for distributed denial of service attack in software-defined networks. In: 2015 Ninth International Conference on Frontier of Computer Science and Technology, Dalian, pp. 325–329 (2015)
Wang, R., Jia, Z., Ju, L.: An entropy-based distributed DDoS detection mechanism in software-defined networking. In: 2015 IEEE Trustcom/BigDataSE/ISPA, Helsinki, pp. 310–317 (2015)
Seeber, S., Stiemert, L., Rodosek, G.D.: Towards an SDN-enabled IDS environment. In: 2015 IEEE Conference on Communications and Network Security (CNS), Florence, pp. 751–752 (2015)
Kim, J., Daghmehchi Firoozjaei, M., Jeong, J.P., Kim, H., Park, J.S.: SDN-based security services using interface to network security functions. In: 2015 International Conference on Information and Communication Technology Convergence (ICTC), Jeju, pp. 526–529 (2015)
Arins, A.: Firewall as a service in SDN Open Flow network. In: 2015 IEEE 3rd Workshop on Advances in Information, Electronic and Electrical Engineering (AIEEE), Riga, pp. 1–5 (2015)
Van Trung, P., Huong, T.T., Van Tuyen, D., Duc, D.M., Thanh, N.H., Marshall, A.: A multi-criteria-based DDoS-attack prevention solution using software defined networking. In: 2015 International Conference on Advanced Technologies for Communications (ATC), Ho Chi Minh City, pp. 308–313 (2015)
Hussein, A., Elhajj, I.H., Chehab, A., Kayssi, A.: SDN security plane: an architecture for resilient security services. In: 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW), Berlin, pp. 54–59 (2016)
Machado, C.C., Granville, L.Z., Schaeffer-Filho, A.: ANSwer: combining NFV and SDN features for network resilience strategies. In: 2016 IEEE Symposium on Computers and Communication (ISCC), Messina, pp. 391–396 (2016)
Sahri, N., Okamura, K.: Collaborative spoofing detection and mitigation – SDN based looping authentication for DNS services. In: 2016 IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Atlanta, GA, pp. 565–570 (2016)
DDoS Mitigation. https://www.incapsula.com/ddos/ddos-mitigation-services.html. Accessed 20 Sept 2018
DDoS Mitigation Techniques. https://www.verisign.com/en_IN/security-services/ddos-protection/athena/ddos-mitigation-techniques/index.xhtml. Accessed 20 Sept 2018
DDoS Mitigation. https://www.akamai.com/uk/en/resources/ddos-mitigation.jsp. Accessed 20 Sept 2018
StormWall. https://stormwall.pro/en?utm_source=google&utm_medium=cpc&utm_campaign=ENG_other&network=g&placement=&adposition=1o1&utm_term=ddos%20mitigation&gclid=EAIaIQobChMI4K-I5dHG3QIViZOPCh09Bw7lEAMYASAAEgKoRPD_BwE. Accessed 20 Sept 2018
Challenges of Software-Defined Networking. https://yourdailytech.com/networking/challenges-of-software-defined-networking/. Accessed 20 Sept 2018
Vissicchio, S., Vanbever, L., Bonaventure, O.: Opportunities and research challenges of hybrid software defined network’s. ACM SIGCOMM Comput. Commun. 44(2), 70–75 (2014)
Imran, A.: SDN controllers security issues (2017)
Yu, S., Zhou, W., Jia, W., Guo, S., Xiang, Y., Tang, F.: Discriminating DDoS attacks from flash crowds using flow correlation coefficient. IEEE Trans. Parallel Distrib. Syst. 23(6), 1073–1080 (2012)
Saravanan, A., Bama, S.S., Kadry, S., Ramasamy, L.K.: A new framework to alleviate DDoS vulnerabilities in cloud computing. Int. J. Electr. Comput. Eng. (IJECE) 9(5), 4163–4175 (2019)
Hertiana, S.N., Kurniawan, A., Pasaribu, U.S.: Effective router assisted congestion control for SDN. Int. J. Electr. Comput. Eng. (IJECE) 8(6), 4467–4476 (2018)
Ali, T.E., Morad, A.H., Abdala, M.A.: Load balance in data center SDN networks. Int. J. Electr. Comput. Eng. (IJECE) 8(5), 3084–3091 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Yuvaraju, B.N., Narender, M. (2020). To Defeat DDoS Attacks in Cloud Computing Environment Using Software Defined Networking (SDN). In: Silhavy, R. (eds) Intelligent Algorithms in Software Engineering. CSOC 2020. Advances in Intelligent Systems and Computing, vol 1224. Springer, Cham. https://doi.org/10.1007/978-3-030-51965-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-51965-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-51964-3
Online ISBN: 978-3-030-51965-0
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)