PBUF: Sharing buffer to mitigate flooding attacks

Changting Lin, Chunming Wu, Yifei Tian, Zhenyu Wen, Shouling Ji

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract / Description of output

Software defined networking (SDN) is a promising network architecture that decouples the control plane and data plane of a network. However, SDN introduces security challenges such as man-in-the-middle attacks, spoofing attacks, and flooding attacks. In this paper, we focus on flooding attacks, which consume switch buffer and controller resources and overload the SDN framework. To protect the SDN framework from flooding attacks, we present a defense approach called PBUF (Packet forwarding based on BUFfer sharing), which pools idle switches to mitigate the threat. The approach consists of a buffer management module and a packet forwarding module. The buffer management module gathers statistics on incoming packets and analyzes them to estimate the buffer size using network calculus. Because a flooding attack generates a large number of table-miss packets that are stored in the buffer, the packet forwarding module forwards these table-miss packets to idle switches to prevent the switch or controller from being overloaded. The table-miss packets are buffered in the idle switches and then sent to the controller at a limited rate by generating packet-in messages. Simulation results show that PBUF is effective and introduces only a little overhead in the SDN framework.

Indexing terms: Flooding Attack; Security; Performance; SDN

Original language: English
Title of host publication: Proceedings - 2017 IEEE 23rd International Conference on Parallel and Distributed Systems, ICPADS 2017
Place of Publication: Shenzhen, China
Publisher: Institute of Electrical and Electronics Engineers
Pages: 392-399
Number of pages: 8
Volume: 2017-December
ISBN (Electronic): 978-1-5386-2129-5
ISBN (Print): 978-1-5386-3208-6
Publication status: Published - 31 May 2018
Event: 2017 IEEE 23rd International Conference on Parallel and Distributed Systems - Shenzhen, China
Duration: 15 Dec 2017 to 17 Dec 2017

Publication series

Publisher: IEEE
ISSN (Print): 1521-9097

Conference

Conference: 2017 IEEE 23rd International Conference on Parallel and Distributed Systems
Abbreviated title: ICPADS 2017
Country/Territory: China
City: Shenzhen
Period: 15/12/17 to 17/12/17

Keywords / Materials (for Non-textual outputs)

  • Flooding Attack
  • Performance
  • SDN
  • Security
