Abstract
Software Defined Networking (SDN) is an evolving network paradigm which promises greater interoperability, more innovation, flexible and effective solutions. Although SDN on the surface provides a simple framework for network programmability and monitoring, few has been said about security measures to make it resilient to hitherto security flaws in traditional network and the new threats the architecture is ushering in. One of the security weaknesses the architecture is ushering in due to separation of control and data plane is Denial of Service (DoS) attack. The main goal of this attack is to make network resources unavailable to legitimate users or introduce large delays. In this paper, the effect of DoS attack on SDN is presented using Mininet, OpenDaylight (ODL) controller and network performance testing tools such as iperf and ping. Internet Control Message Protocol (ICMP) flood attack is performed on a Transmission Control Protocol (TCP) server and a User Datagram Protocol (UDP) server which are both connected to OpenFlow switches. The simulation results reveal a drop in network throughput from 233 Mbps to 87.4 Mbps and the introduction of large jitter between 0.003 ms and 0.789 ms during DoS attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L.: OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)
Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in software Defined Networking, pp. 55–60. ACM (2013)
Das, S., Parulkar, G., McKeown, N.: Rethinking IP core networks. J. Opt. Commun. Netw. 5(12), 1431–1442 (2013)
Kreutz, D., Ramos, F.M., Verissimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)
Akhunzada, A., Ahmed, E., Gani, A., Khan, M.K., Imran, M., Guizani, S.: Securing software defined networks: taxonomy, requirements, and open issues. IEEE Commun. Mag. 53(4), 36–44 (2015)
Casado, M., Freedman, M.J., Pettit, J., Luo, J., McKeown, N., Shenker, S.: Ethane: taking control of the enterprise. ACM SIGCOMM Comput. Commun. Rev. 37(4), 1–12 (2007)
Jain, S., Kumar, A., Mandal, S., Ong, J., et al.: B4: experience with a globally-deployed software defined WAN. ACM SIGCOMM Comput. Commun. Rev. 43(4), 3–14 (2013)
VMware: Software-Defined Data Center (SDDC) (2017). http://www.vmware.com/products/nsx/
Sezer, S., Scott-Hayward, S., Chouhan, P.K., Fraser, B., Lake, D., Finnegan, J.: Are we ready for SDN? implementation challenges for software-defined networks. IEEE Commun. Mag. 51(7), 36–43 (2013)
Goransson, P., Black, C., Culver, T.: Software Defined Networks: A Comprehensive Approach. Morgan Kaufmann, Burlington (2016)
Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016)
Alsmadi, I., Xu, D.: Security of software defined networks: a survey. Comput. Secur. 53, 79–108 (2015)
Ali, S.T., Sivaraman, V., Radford, A., Jha, S.: A survey of securing networks using software defined networking. IEEE Trans. Reliab. 64(3), 1086–1097 (2015)
Shin, S., Gu, G.: Attacking software-defined networks: a first feasibility study. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 165–166. ACM (2013)
Li, D., Hong, X., Bowman, J.: Evaluation of security vulnerabilities by using ProtoGENI as a launchpad. In: Global Telecommunications Conference (GLOBECOM 2011), pp. 1–6. IEEE (2011)
Shin, S., Yegneswaran, V., Porras, P., Gu, G.: Avant-guard: scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 413–424. ACM (2013)
Fonseca, P., Bennesby, R., Mota, E., Passito, A.: A replication component for resilient openflow-based networking. In: Network Operations and Management Symposium (NOMS), pp. 933–939 (2013)
Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: IEEE 35th Conference on Local Computer Networks (LCN), pp. 408–415 (2010)
Gude, N., Koponen, T., Pettit, J., Pfaff, B., Casado, M., McKeown, N., Shenker, S.: NOX: towards an operating system for networks. ACM SIGCOMM Comput. Commun. Rev. 38(3), 105–110 (2008)
Benton, K., Camp, L.J., Small, C.: OpenFlow vulnerability assessment. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151–152. ACM (2012)
TeamMininet: Mininet (2017) http://www.mininet.org/download/
Linux-Foundation-Collaborative-Projects: ODL (2017) https://www.opendaylight.org
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Sangodoyin, A., Sigwele, T., Pillai, P., Hu, Y.F., Awan, I., Disso, J. (2018). DoS Attack Impact Assessment on Software Defined Networks. In: Pillai, P., Sithamparanathan, K., Giambene, G., Vázquez, M., Mitchell, P. (eds) Wireless and Satellite Systems. WiSATS 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 231. Springer, Cham. https://doi.org/10.1007/978-3-319-76571-6_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-76571-6_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76570-9
Online ISBN: 978-3-319-76571-6
eBook Packages: Computer ScienceComputer Science (R0)