Abstract / Description of output
Software-defined networking (SDN) is a promising network architecture that decouples the control plane and data plane of a network. However, SDN opens some security challenges, such as man-in-the-middle attacks, spoofing attacks, flooding attacks and so on. In this paper, we focus on flooding attacks, which consume switch buffer and controller resources and so overload the SDN framework. To protect the SDN framework from flooding attacks, we present a defense approach called PBUF (Packet forwarding based on BUFfer sharing), which pools idle switches to mitigate the threat. This approach consists of buffer management and packet forwarding modules. The buffer management module gathers statistics on incoming packets and then analyzes these statistics to estimate the buffer size using network calculus. Because a flooding attack generates a large number of table-miss packets that are stored in the buffer, the packet forwarding module is designed to forward these table-miss packets to idle switches to prevent the switch or controller from being overloaded. These table-miss packets are buffered in the idle switches and then sent to the controller at a limited rate by generating packet-in messages. The simulation results show that PBUF is effective and introduces only a small overhead in the SDN framework.
Indexing terms: Flooding Attack; Security; Performance; SDN
Original language | English |
---|---|
Title of host publication | Proceedings - 2017 IEEE 23rd International Conference on Parallel and Distributed Systems, ICPADS 2017 |
Place of Publication | Shenzhen, China |
Publisher | Institute of Electrical and Electronics Engineers |
Pages | 392-399 |
Number of pages | 8 |
Volume | 2017-December |
ISBN (Electronic) | 978-1-5386-2129-5 |
ISBN (Print) | 978-1-5386-3208-6 |
DOIs | |
Publication status | Published - 31 May 2018 |
Event | 2017 IEEE 23rd International Conference on Parallel and Distributed Systems - Shenzhen, China Duration: 15 Dec 2017 → 17 Dec 2017 |
Publication series
Name | |
---|---|
Publisher | IEEE |
ISSN (Print) | 1521-9097 |
Conference
Conference | 2017 IEEE 23rd International Conference on Parallel and Distributed Systems |
---|---|
Abbreviated title | ICPADS 2017 |
Country/Territory | China |
City | Shenzhen |
Period | 15/12/17 → 17/12/17 |
Keywords / Materials (for Non-textual outputs)
- Flooding Attack
- Performance
- SDN
- Security