
    Detailed Review on The Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs) and Defense Strategies

    The development of Software Defined Networking (SDN) has altered the landscape of computer networking in recent years. Its scalable architecture has become a blueprint for the design of several advanced future networks. To achieve improved and efficient monitoring, control and management of the network, software defined networks decouple the control logic from the data forwarding plane. As a result, logical control is centralized solely in the controller. Because of this centralization, SDNs are exposed to several attacks such as spoofing, flooding and, above all, Denial of Service (DoS) and Distributed Denial of Service (DDoS), which degrade the performance of the network. This paper presents a comprehensive review of several DoS and DDoS defense/mitigation strategies and classifies them into distinct classes according to the methodologies employed. Furthermore, suggestions are made to enhance current mitigation strategies.

    SDHome: Securing Fast Home Networks

    Distributed denial of service (DDoS) is a highly discussed network attack in Software Defined Networks. Attacks such as the Mirai botnet threaten to compromise portions of large networks, including home users. Today, corporations secure their networks using enterprise-level software to protect them from DDoS attacks, but these solutions are meant for large networks and depend on expensive hardware. There are few security solutions for home users, and most are expensive or require a subscription for full protection. In this paper, we propose a new solution in the form of a plug-and-play device that allows home users to easily take control of their network. We use the SDN controller Faucet and the OpenFlow 1.3 protocol to enable software-defined functionality. In addition to more basic network features such as blocking websites, the device allows users to receive notifications about possible malicious activity on their network, generates device profiles for all devices on the network, and automatically detects and mitigates flooding attacks using a random forest classifier. We implement our network virtually using Graphical Network Simulator 3 (GNS3).

    Q-learning based distributed denial of service detection

    A distributed denial of service (DDoS) attack targets service providers by sending a huge amount of traffic to prevent legitimate users from obtaining the service. These attacks become more challenging in the software-defined network paradigm because of the separation of the control plane from the data plane: centralized software-defined networks are more vulnerable to DDoS attacks, which may cause the failure of the whole network. In this work, a new approach based on Q-learning is proposed to enhance the detection of DDoS attacks and reduce false positives and false negatives. The results are compared with entropy-based detection in terms of the number of packets that must be received before the attack is detected and the continuity of service for legitimate users. The results also indicate that the proposed system distinguishes DDoS attacks from flash crowds and redirects the traffic to the edge of the data center. A second controller is used to redirect traffic to a honeypot server that works as a mirror server; this guarantees continuity of service for both normal and suspected traffic until further analysis is done. The results indicate an increase of up to 50% in throughput compared to other approaches.
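The entropy baseline this abstract compares against, and the flash-crowd problem it mentions, are easy to see on constructed traffic. The block below is an added example, not code from the paper: it computes Shannon entropy of destination IPs over a packet window and shows that a pure entropy alarm fires for both a DDoS and a flash crowd, then adds an illustrative second feature (source-IP entropy against a learned baseline) to separate the two. The traffic windows, thresholds and the two-feature rule are assumptions made for the example; the paper's own detector is a Q-learning agent, not this rule.

```python
import math
from collections import Counter


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    counts = Counter(values)
    n = sum(counts.values())
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def make_window(n, dst_pool, src_pool):
    """Constructed sample window: n (src_ip, dst_ip) pairs drawn round-robin
    from the given pools (deterministic, so results are reproducible)."""
    return [(src_pool[i % len(src_pool)], dst_pool[i % len(dst_pool)])
            for i in range(n)]


# Constructed traffic windows (RFC 5737 documentation addresses).
SERVERS = [f"192.0.2.{i}" for i in range(1, 21)]      # 20 internal servers
HOSTS = [f"198.51.100.{i}" for i in range(1, 51)]     # 50 legitimate clients
SPOOFED = [f"203.0.113.{i}" for i in range(200)]      # 200 one-shot attack sources

NORMAL = make_window(200, SERVERS, HOSTS)         # load spread over all servers
DDOS = make_window(200, ["192.0.2.7"], SPOOFED)   # one victim, every packet a new source
FLASH = make_window(200, ["192.0.2.7"], HOSTS)    # one popular server, real clients


def entropy_alarm(window, dst_threshold=1.0):
    """Classic entropy detector: alarm when destination-IP entropy collapses.
    Both a DDoS and a flash crowd trip this check."""
    return shannon_entropy(dst for _, dst in window) < dst_threshold


def classify(window, baseline_src_entropy, dst_threshold=1.0, src_margin=1.0):
    """Illustrative two-feature rule (an assumption of this example, not the
    paper's Q-learning agent): a destination-entropy collapse is called a DDoS
    only if source-IP entropy also jumps well above the baseline learned from
    normal traffic; otherwise the concentration is treated as a flash crowd."""
    srcs = [src for src, _ in window]
    dsts = [dst for _, dst in window]
    if shannon_entropy(dsts) >= dst_threshold:
        return "normal"
    if shannon_entropy(srcs) > baseline_src_entropy + src_margin:
        return "ddos"
    return "flash-crowd"


BASELINE_SRC_ENTROPY = shannon_entropy(src for src, _ in NORMAL)

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("ddos", DDOS), ("flash", FLASH)):
        print(f"{name:7s} entropy-alarm={entropy_alarm(window)!s:5s} "
              f"classified={classify(window, BASELINE_SRC_ENTROPY)}")
```

Running it prints an entropy alarm for both the DDoS and the flash-crowd window; only the second feature tells them apart, which is the gap the paper's learned detector is meant to close. The thresholds here are tuned to the constructed windows and would have to be learned per network.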

    Comparison of ZigBee Replay Attacks Using a Universal Software Radio Peripheral and USB Radio

    Low-Rate Wireless Personal Area Networks are a prevalent solution for communication among embedded devices. ZigBee is a leading network protocol stack based on the low-rate IEEE 802.15.4 standard that operates smart utility meters, residential and commercial building automation, and health care networks. Such networks are essential, but low-rate, low-cost hardware is challenging to protect because end devices have tight limitations on hardware cost, memory use, and power consumption. KillerBee is a Python-based framework for attacking ZigBee and other 802.15.4 networks that makes traffic eavesdropping, packet replay, and denial of service attacks straightforward to conduct. Recent works investigate software-defined radios as an even more versatile attack platform. Software-defined radios can operate with greater flexibility and at greater transmit power than traditional network hardware. They also enable novel physical-layer attacks, including reflexive jamming and synchronization header manipulation, that are not possible with traditional hardware. This research implements a replay attack against a ZigBee device using a software-defined radio. In a replay attack, an attacker records legitimate traffic on a network and then replays that traffic at will to cause malicious effects. Replay attacks can be very disruptive to operational systems, from turning valves in industrial control systems to disarming door locks. Specifically, this work investigates how software-defined radios can extend the effective attack range far beyond what is possible with the hardware currently used by KillerBee. A software-defined radio is tested with both directional and omnidirectional antennas, and the effective attack range is compared to that of a USB radio. Tests are conducted both line-of-sight outdoors and through interior walls. The replay attack is implemented with beacon request frames.
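The beacon request frame used for the replay is a tiny, unauthenticated MAC command, which is exactly why a recording of it can be replayed at will. The block below is an added example, not code from the thesis or from KillerBee: it builds the on-air bytes of a broadcast beacon request with the standard 802.15.4 FCS, parses captured frames back, and applies a simple rate check that a monitoring node could use to notice a replayed burst. The constructed capture, the window size and the per-window limit are assumptions of the example; the parser only decodes the short-destination, no-source layout a beacon request uses.

```python
import struct
from collections import deque

BEACON_REQUEST_CMD = 0x07      # MAC command identifier for Beacon Request
FCF_BEACON_REQUEST = 0x0803    # MAC command frame, short dst addressing, no src address


def crc16_802154(data: bytes) -> int:
    """IEEE 802.15.4 FCS: ITU-T CRC-16 (x^16 + x^12 + x^5 + 1), initial
    remainder 0, bits processed LSB first. Equivalent to CRC-16/KERMIT."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def build_beacon_request(seq: int) -> bytes:
    """Bytes of a broadcast Beacon Request as seen on the air: FCF, sequence
    number, dst PAN 0xffff, dst short address 0xffff, command id, FCS."""
    mhr = struct.pack("<HBHHB", FCF_BEACON_REQUEST, seq & 0xFF, 0xFFFF, 0xFFFF,
                      BEACON_REQUEST_CMD)
    return mhr + struct.pack("<H", crc16_802154(mhr))


def parse_frame(frame: bytes) -> dict:
    """Minimal 802.15.4 MHR parser: verifies the FCS and recognises Beacon
    Requests. Only short destination addressing with no source address is
    decoded (all a Beacon Request uses); other layouts are reported with
    beacon_request=False. Assumption: no auxiliary security header present."""
    info = {"fcs_ok": False, "beacon_request": False, "seq": None}
    if len(frame) < 5:
        return info
    body, fcs = frame[:-2], struct.unpack("<H", frame[-2:])[0]
    if crc16_802154(body) != fcs:
        return info
    info["fcs_ok"] = True
    fcf = struct.unpack("<H", body[:2])[0]
    frame_type = fcf & 0x7              # 3 = MAC command
    dst_mode = (fcf >> 10) & 0x3        # 2 = 16-bit short address
    src_mode = (fcf >> 14) & 0x3        # 0 = no source address
    info["seq"] = body[2]
    if frame_type == 3 and dst_mode == 2 and src_mode == 0 and len(body) >= 8:
        dst_pan, dst_addr = struct.unpack("<HH", body[3:7])
        info["dst_pan"], info["dst_addr"] = dst_pan, dst_addr
        info["beacon_request"] = body[7] == BEACON_REQUEST_CMD
    return info


def beacon_request_flood(capture, window_s=5.0, max_per_window=5):
    """Rate check over a time-ordered (timestamp, frame) capture: return the
    timestamps at which more than max_per_window valid Beacon Requests fell
    inside the trailing window_s seconds. Real joins send a handful per
    minute; a replayed recording arrives in a burst."""
    recent = deque()
    alarms = []
    for ts, frame in capture:
        info = parse_frame(frame)
        if not (info["fcs_ok"] and info["beacon_request"]):
            continue
        recent.append(ts)
        while recent and ts - recent[0] > window_s:
            recent.popleft()
        if len(recent) > max_per_window:
            alarms.append(ts)
    return alarms


# Constructed capture: three real scans a minute apart, then one recorded
# frame (seq 0x42) replayed twenty times at 100 ms spacing.
CAPTURE = [(0.0, build_beacon_request(1)),
           (60.0, build_beacon_request(2)),
           (120.0, build_beacon_request(3))]
CAPTURE += [(200.0 + i / 10, build_beacon_request(0x42)) for i in range(20)]

if __name__ == "__main__":
    print("alarms at", beacon_request_flood(CAPTURE))
```

Note what the detector cannot do: a replayed beacon request is byte-for-byte a valid frame, so the FCS and the parser accept it; only timing or rate gives it away, and an attacker replaying once a minute would stay under this threshold.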

    Towards smarter SDN switches: revisiting the balance of intelligence in SDN networks

    Software Defined Networks (SDNs) represent a new model for building networks, in which the control plane is separated from the forwarding plane, allowing for centralised, fine-grained control of traffic in the network. The benefits of SDN range widely from reducing the operational costs of networks to providing better Quality of Service guarantees to their users. Its application has been shown to increase the efficiency of large networks such as data centres and to improve security through Denial of Service mitigation systems and other traffic monitoring efforts. While SDN has been shown to be highly beneficial, some of its core features (e.g. the separation of control and data planes and limited switch memory) allow malicious users to carry out Denial of Service (DoS) attacks against the network, reducing its availability and performance. Denial of Service attacks are explicit attempts to prevent legitimate users from accessing a service or resource. Such attacks can take many forms but are almost always costly to their victims, both financially and reputationally. SDN applications have been developed to mitigate some forms of DoS attacks aimed at traditional networks; however, SDN's intrinsic properties facilitate new attacks. In this thesis we investigate the opportunity for such Denial of Service attacks in more recent versions of SDN and extensively evaluate their effect on a legitimate user's throughput. In light of the potential for DoS attacks which specifically target the SDN infrastructure (controller, switch flow table, etc.), we propose that increasing the intelligence of SDN switches can increase the resilience of the SDN network by preventing attack traffic from entering the network at its source. To demonstrate this, we put forward designs for an intelligent SDN switch and implement two additional functionalities towards realising this design in a software version of the SDN switch. These modules allow the switch to efficiently handle high control plane loads, both malicious and legitimate, so that the network continues to provide good service even under such circumstances. Evaluation of these modules indicates that they preserve the performance of the network under high control plane loads far better than unmodified switches, with no notable drawbacks.
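One concrete way a switch can shed control-plane load at the ingress port, as an added illustration rather than the thesis's own module design: a per-port token bucket on table-miss packets, so that a port spraying random headers can only punt a bounded stream of packet-in messages to the controller while a well-behaved port on the same switch is never throttled. The rate, burst and the constructed workload are assumptions of the example; a real switch would also have to decide what to do with the dropped misses (drop, or install a coarse catch-all flow).

```python
from collections import Counter


class PortTokenBucket:
    """Token bucket gating how many table-miss packets an ingress port may
    punt to the controller: `rate` packet-ins per second sustained, at most
    `burst` in a spike. Timestamps must be non-negative and non-decreasing."""

    def __init__(self, rate: float, burst: int):
        self.rate, self.burst = rate, float(burst)
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_table_misses(events, rate=20.0, burst=20):
    """Apply a per-port bucket to a time-ordered list of (timestamp, in_port)
    table-miss events. Returns (punted, dropped) Counters keyed by port:
    'punted' would become packet-in messages, 'dropped' never leave the switch."""
    buckets = {}
    punted, dropped = Counter(), Counter()
    for ts, port in events:
        bucket = buckets.setdefault(port, PortTokenBucket(rate, burst))
        if bucket.allow(ts):
            punted[port] += 1
        else:
            dropped[port] += 1
    return punted, dropped


# Constructed workload over 10 s: port 1 is a legitimate host opening
# 10 new flows/s; port 2 is an attacker spraying 1000 random-header packets/s,
# every one of them a table miss.
LEGIT = [(i / 10, 1) for i in range(100)]
ATTACK = [(i / 1000, 2) for i in range(10_000)]
EVENTS = sorted(LEGIT + ATTACK)

if __name__ == "__main__":
    punted, dropped = filter_table_misses(EVENTS)
    for port in sorted(punted | dropped):
        print(f"port {port}: punted={punted[port]} dropped={dropped[port]}")
```

With these parameters the attacker's 10,000 misses reach the controller as roughly 220 packet-ins (the initial burst plus 20 per second), while all 100 of the legitimate port's misses are punted; the controller's load is bounded by the number of ports times the rate instead of by whatever the attacker can generate.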

    Tackling denial of service attacks on key management in software-defined quantum key distribution networks

    A QKD network provides an additional, information-theoretically secure (IT-secure) layer for cryptographic key distribution on top of existing conventional networks. QKD network components must therefore be resilient to the security challenges of conventional network environments. This paper provides a novel design for a Key Management System that is resistant to DoS attacks. Our solution allows applications to function securely in environments with fewer keys. In addition, we provide approaches for allocating and managing QKD resources to avoid malicious key reservations. Simulation experiments verify the proposed solutions.