Abstract
Software-defined networking (SDN) introduces the innovative idea of a “programmable network”, which provides flexibility and simplicity and speeds up implementation. The core idea behind the SDN architecture is the separation of the control plane from the data plane. The data plane devices, such as switches, become simple packet-forwarding devices, and the entire logic for handling network traffic moves into the controller, which sits in the control plane. SDN adds flexibility, speeds implementation, and simplifies management. However, this functionality also makes SDN a target of one of the most popular types of attack, the distributed denial of service (DDoS) attack.
This chapter presents a concise survey of DDoS attack techniques and solutions in the SDN environment. First, we present an overview of SDN and its advantages over traditional networks. Next, different vulnerabilities in SDN are discussed along with the DDoS attack. Then we present some characteristics that SDN possesses to defeat this massive DDoS attack. Several taxonomies of DDoS attacks that affect the SDN environment are also discussed. Finally, we present future research directions that will be crucial to defending against such attacks in the near future.
The motivation behind this survey was to identify and examine various security drawbacks in the SDN architecture. We focused primarily on the DDoS attack, based on recent statistics and the increasing occurrence of DDoS attacks. Presenting the research challenges of this work gives direction for overcoming the weaknesses that still need to be addressed for the advancement of SDN.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ubale, T., Jain, A.K. (2020). Survey on DDoS Attack Techniques and Solutions in Software-Defined Network. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_15
DOI: https://doi.org/10.1007/978-3-030-22277-2_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22276-5
Online ISBN: 978-3-030-22277-2
eBook Packages: Computer Science, Computer Science (R0)