Abstract
Distributed Denial of Service (DDoS) attacks are a common threat to network security. Traditional mitigation approaches have significant limitations in addressing DDoS attacks. This paper reviews major traditional approaches to DDoS, identifies and discusses their limitations, and proposes a Software-Defined Networking (SDN) model as a more flexible, efficient, effective, and automated mitigation solution. This study focuses on Internet Service Provider (ISP) networks and uses the SDN security implementation at Verizon networks as a case study.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Akamai. (2016). State of the Internet combined executive review. Retrieved from: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-report-connectivity-executive-review-q1-2016-akamai.pdf
Al-Ali, Z., Al-Duwairi, B., & Al-Hammouri, A.T. (2015). c DDoS attacks and flash crowd events. 2015 I.E. 2nd International Conference on Cyber Security and Cloud Computing.
Alqahtani, S., & Gamble, R. F. (2015). DDoS attacks in service clouds. 2015 48th Hawaii International Conference on System Sciences, 5331–5340.
Behal, S., & Kumar, K. (2016). Trends in validation of DDoS research. Procedia Computer Science, 85, 7–15.
Benton, K., Camp, L. J., & Small, C. (2013). OpenFlow vulnerability assessment. Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking – HotSDN ’13, pp. 151–152.
Bhuyan, M. H., Bhattacharyya, D., & Kalita, J. (2015). An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recognition Letters, 51, 1–7.
Braga, R., Mota, E., & Passito, A. (2010). Lightweight DDoS flooding attack detection using NOX/OpenFlow. IEEE Local Computer Network Conference, 408–415.
Chen, C., & Chang, C. (2013). A two-tier coordination system against DDoS attacks. International Journal of Online Engineering (iJOE), 9(4), 15–21.
David, J., & Thomas, C. (2015). DDoS attack detection using fast entropy approach on flow-based network traffic. Procedia Computer Science, 50, 30–36.
Deshpande, H. A. (2015). Honey Mesh: Preventing distributed denial of service attacks using virtualized honeypots. International Journal of Engineering Research & Technology, 4(8), 263–267.
Fichera, S., Galluccio, L., Grancagnolo, S. C., Morabito, G., & Palazzo, S. (2015). OPERETTA: An OPEnflow-based REmedy to mitigate TCP SYNFLOOD attacks against web servers. Computer Networks, 92, 89–100.
Giotis, K., Argyropoulos, C., Androulidakis, G., Kalogeras, D., & Maglaris, V. (2014). Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Computer Networks, 62, 122–136.
Jantila, S., & Chaipah, K. (2016). A security analysis of a hybrid mechanism to defend DDoS attacks in SDN. Procedia Computer Science, 86, 437–440.
Jun, J., Ahn, C., & Kim, S. (2014). DDoS attack detection by using packet sampling and flow features. Proceedings of the 29th Annual ACM Symposium on Applied Computing - SAC ’14, pp. 185–190.
Jyothi, V., Wang, X., Addepalli, S. K., & Karri, R. (2016). BRAIN: Behavior based adaptive intrusion detection in networks: Using hardware performance counters to detect DDoS attacks. 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID), 587–588.
Krylov, V., Kravtsov, K., & Sokolova, E. (2016). Fast IP hopping protocol SDI implementation. Indian Journal of Science and Technology, 8(36), 1–7.
Li, J., Berg, S., Zhang, M., Reiher, P., & Wei, T. (2014). DrawBridge – Software-defined DDoS resistant traffic engineering. Proceedings of the 2014 ACM conference on SIGCOMM – SIGCOMM ’14, pp. 691–592.
Lim, S., Yang, S., Kim, Y., Kim, H., & Yang, S. (2015). Controller scheduling for continued SDN operation under DDoS attacks. Electronics Letters, 51(16), 1259–1261.
Luo, S., Wu, J., Li, J., & Pei, B. (2015). A defense mechanism for distributed denial of service attack in software-defined networks. 2015 Ninth International Conference on Frontier of Computer Science and Technology, 325–329.
Lu, Y., & Wang, M. (2016). An easy defense mechanism against botnet-based DDoS flooding attack originated in SDN environment using sFlow. Proceedings of the 11th International Conference on Future Internet Technologies – CFI ’16.
Mowla, N. I., Doh, I., & Chae, K. (2014). Multi-defense mechanism against DDoS in SDN based CDNi. 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 447–451.
Nayana, Y., Gopinath, J., & Girish, L. (2015). DDoS mitigation using Software Defined Network. International Journal of Engineering Trends and Technology (IJETT), 24(5), 258–264.
Qin, X., Xu, T., & Wang, C. (2015). DDoS attack detection using flow entropy and clustering technique. 2015 11th International Conference on Computational Intelligence and Security, pp. 412–415.
Rodriguez, C. (2015). The expanding role of service providers in DDoS mitigation. Stratecast Perspectives and Insight for Executives (SPIE), 15(10), 1–10.
Sahay, R., Blanc, G., Zhang, Z., & Debar, H. (2015). Towards autonomic DDoS mitigation using software defined networking. Proceedings 2015 Workshop on Security of Emerging Networking Technologies.
Schneider, J., & Koch, S. (2010). HTTPreject: Handling overload situations without losing the contact to the user. European Conference on Computer Network Defense, 2010, 29–34.
Selvaraj, R., Marwala, T., & Madhav Kuthadi, V. (2016). Ant-based distributed denial of service detection technique using roaming virtual honeypots. IET Communications, 10(8), 929–935.
Singh, K. J., & De, T. (2015). DDOS attack detection and mitigation technique based on Http count and verification using CAPTCHA. 2015 International Conference on Computational Intelligence and Networks, pp. 196–197.
Verizon. (2016). Verizon network infrastructure planning: SDN-NFV reference architecture. Retrieved from: http://innovation.verizon.com/
Wang, H., Xu, L., & Gu, G. (2015). FloodGuard: A DoS attack prevention extension in software-defined networks. 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.
Wang, X., Chen, M., & Xing, C. (2015). SDSNM: A software-defined security networking mechanism to defend against DDoS attacks. 2015 Ninth International Conference on Frontier of Computer Science and Technology, pp. 115–121.
Xiulei, W., Ming, C., Xianglin, W., & Guomin, Z. (2015). Defending DDoS attacks in software defined networking based on improved Shiryaev–Roberts detection algorithm. Journal of High Speed Networks, 21(4), 285–298.
Yu, J., Fang, C., Lu, L., & Li, Z. (2010). Mitigating application layer distributed denial of service attacks via effective trust management. IET Communications, 4(16), 1952–1962.
Yu, S., Tian, Y., Guo, S., & Wu, D. O. (2014). Can we beat DDoS attacks in clouds? IEEE Transactions on Parallel and Distributed Systems, 25(9), 2245–2254.
Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–2069.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
D’Cruze, H., Wang, P., Sbeit, R.O., Ray, A. (2018). A Software-Defined Networking (SDN) Approach to Mitigating DDoS Attacks. In: Latifi, S. (eds) Information Technology - New Generations. Advances in Intelligent Systems and Computing, vol 558. Springer, Cham. https://doi.org/10.1007/978-3-319-54978-1_19
Download citation
DOI: https://doi.org/10.1007/978-3-319-54978-1_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54977-4
Online ISBN: 978-3-319-54978-1
eBook Packages: EngineeringEngineering (R0)