A Cost-effective Shuffling Method against DDoS Attacks using Moving Target Defense

Moving Target Defense (MTD) has emerged as a newcomer into the asymmetric field of attack and defense, and shuffling-based MTD has been regarded as one of the most effective ways to mitigate DDoS attacks. However, previous work does not acknowledge that frequent shuffles would significantly intensify the overhead. MTD requires a quantitative measure to compare the cost and effectiveness of available adaptations and explore the best trade-off between them. In this paper, therefore, we propose a new cost-effective shuffling method against DDoS attacks using MTD. By exploiting Multi-Objective Markov Decision Processes to model the interaction between the attacker and the defender, and designing a cost-effective shuffling algorithm, we study the best trade-off between the effectiveness and cost of shuffling in a given shuffling scenario. Finally, simulation and experimentation on an experimental software defined network (SDN) indicate that our approach imposes an acceptable shuffling overload and is effective in mitigating DDoS attacks

GR-342 Integration of Blockchain in Computer Networking: Overview, Applications, and Future Perspectives for Software-defined Networking (SDN), Network Security and Protocols

The rapid advancement and increasing complexity of computer networks have created a need for robust, secure, and scalable solutions to manage and protect network resources. Blockchain, an emerging distributed ledger technology, offers enhanced security, transparency, and privacy preservation, making it a promising solution for addressing networking challenges. This paper presents a comprehensive survey of blockchain integration in computer networking, focusing on its potential applications, benefits, and future perspectives in Software-defined Networking (SDN), network security, and networking protocols. We identify that blockchain\u27s tamper-proof nature could significantly improve network security by mitigating risks associated with centralized control and single points of failure. The integration of blockchain in computer networking has the potential to increase trust and transparency among network participants, as it allows for secure, verifiable, and auditable transactions and communication. Blockchain also can streamline the management of Software-defined Networking (SDN) by enabling decentralized and automated network control, resource allocation, and orchestration. We also find that utilizing blockchain can address network challenges, such as mitigating DDoS attacks, enhancing intrusion detection and prevention, and securing routing protocols. However, we identify potential limitations of blockchain integration in computer networking, such as scalability challenges arising from the growing size of the distributed ledger and increasing network traffic. We emphasize the need for further research in optimizing consensus mechanisms, enhancing scalability and privacy preservation techniques interoperability, and facilitating standardization of networking protocols and practices

Toward Network-based DDoS Detection in Software-defined Networks

To combat susceptibility of modern computing systems to cyberattack, identifying and disrupting malicious traffic without human intervention is essential. To accomplish this, three main tasks for an effective intrusion detection system have been identified: monitor network traffic, categorize and identify anomalous behavior in near real time, and take appropriate action against the identified threat. This system leverages distributed SDN architecture and the principles of Artificial Immune Systems and Self-Organizing Maps to build a network-based intrusion detection system capable of detecting and terminating DDoS attacks in progress

LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks

Software Defined Networking (SDN) is a new networking architecture which aims to provide better decoupling between network control (control plane) and data forwarding functionalities (data plane). This separation introduces several benefits, such as a directly programmable and (virtually) centralized network control. However, researchers showed that the required communication channel between the control and data plane of SDN creates a potential bottleneck in the system, introducing new vulnerabilities. Indeed, this behavior could be exploited to mount powerful attacks, such as the control plane saturation attack, that can severely hinder the performance of the whole network. In this paper we present LineSwitch, an efficient and effective solution against control plane saturation attack. LineSwitch combines SYN proxy techniques and probabilistic blacklisting of network traffic. We implemented LineSwitch as an extension of OpenFlow, the current reference implementation of SDN, and evaluate our solution considering different traffic scenarios (with and without attack). The results of our preliminary experiments confirm that, compared to the state-of-the-art, LineSwitch reduces the time overhead up to 30%, while ensuring the same level of protection.Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2015). To appea