An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment

This article has been updated

Abstract

The integration of cloud computing with Software Defined Networking (SDN) addresses several challenges of a typical cloud infrastructure, such as complex inter-networking, data collection, and fast response. Although an SDN-based cloud opens new opportunities, the SDN controller may itself become vulnerable to several attacks. Attackers use the unique features of SDN to launch severe Distributed Denial of Service (DDoS) attacks. Several approaches are available in the literature to defend against traditional DDoS flooding attacks in the SDN-cloud. To elude detection systems, attackers employ sophisticated attack strategies that generate low-rate attack traffic. The most common type of Low-Rate DDoS (LR-DDoS) attack is the Shrew attack. The existing approaches are not capable of detecting, mitigating, and tracing back such attacks. Thus, this work discusses a new mechanism which not only detects and mitigates the Shrew attack but also traces back the location of the attack sources. The attack is detected using information entropy variations, and the attack sources are traced back using a deterministic packet marking scheme. The experiments are performed in a real SDN-cloud scenario, and the experimental results show that the approach requires 1 packet and 8.27 packets on average to locate the bots and attackers, respectively. The approach detects and traces back the attack sources in between 14.45 ms and 10.02 s and provides 97.6% accuracy.


Change history

  • 03 February 2021

    The term ‘Mechanism’ in the article title was erroneously published as ‘Mechduanism’. The error has been corrected.



Corresponding author

Correspondence to Neha Agrawal.


Cite this article

Agrawal, N., Tapaswi, S. An SDN-Assisted Defense Mechanism for the Shrew DDoS Attack in a Cloud Computing Environment. J Netw Syst Manage 29, 12 (2021). https://doi.org/10.1007/s10922-020-09580-7


Keywords

  • Cloud computing security
  • Software defined networking (SDN)
  • SDN-Cloud (SDN-C)
  • Low-rate DDoS (LR-DDoS) attack
  • Shrew attack
  • Performance analysis