skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Elastically Augmenting the Control-path Throughput in SDN to Deal with Internet DDoS Attacks
Distributed denial of service (DDoS) attacks have been prevalent on the Internet for decades. Albeit various defenses, they keep growing in size, frequency, and duration. The new network paradigm, Software-defined networking (SDN), is also vulnerable to DDoS attacks. SDN uses logically centralized control, bringing the advantages in maintaining a global network view and simplifying programmability. When attacks happen, the control path between the switches and their associated controllers may become congested due to their limited capacity. However, the data plane visibility of SDN provides new opportunities to defend against DDoS attacks in the cloud computing environment. To this end, we conduct measurements to evaluate the throughput of the software control agents on some of the hardware switches when they are under attacks. Then, we design a new mechanism, calledScotch, to enable the network to scale up its capability and handle the DDoS attack traffic. In our design, the congestion works as an indicator to trigger the mitigation mechanism.Scotchelastically scales up the control plane capacity by using an Open vSwitch-based overlay.Scotchtakes advantage of both the high control plane capacity of a large number of vSwitches and the high data plane capacity of commodity physical switches to increase the SDN network scalability and resiliency under abnormal (e.g., DDoS attacks) traffic surges. We have implemented a prototype and experimentally evaluatedScotch. Our experiments in the small-scale lab environment and large-scale GENI testbed demonstrate thatScotchcan elastically scale up the control channel bandwidth upon attacks.  more » « less
Award ID(s):
2008468
PAR ID:
10466809
Author(s) / Creator(s):
; ; ;
Publisher / Repository:
IEEE
Date Published:
Journal Name:
ACM Transactions on Internet Technology
Volume:
23
Issue:
1
ISSN:
1533-5399
Page Range / eLocation ID:
1 to 25
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, IEEE ICC 2021 - IEEE International Conference on Communications)
    null (Ed.)
    In recent years, smart grid communications (SGC) has evolved to use new technologies not only for data delivery but also for enhanced smart grid (SG) security and reliability. Software Defined Networks (SDN) has proved to be a reliable and efficient architecture for handling diverse communication systems due to their ability to divide responsibilities of the network using control plane and data plane. This paper presents a graph learning approach for detecting and identifying Distributed Denial of Service (DDoS) attacks in SDN-SGC systems (GLASS). GLASS is a two phase framework that (1) detects if SDN-SGC is under DDoS attack using supervised graph deep learning and then (2) identifies the compromised entities using unsupervised learning methods. Network performance statistics are used for modeling SDN-SGC graphs, which train Graph Convolutional Neural Networks (GCN) to extract latent representations caused by DDoS attacks. Finally, spectral clustering is used to identify compromised entities. The experimental results, obtained by analysis of an IEEE 118-bus system, show the average throughput for compromised entities is able to maintain 84% of normal traffic level with GLASS, compared to achieving only 4% of normal throughput caused by DDoS attacks on compromised entities without the GLASS framework. 
    more » « less
  2. ; (, The 33rd International Conference on Computer Communications and Networks (ICCCN 2024))
    The development of reinforcement learning (RL) algorithms has created a paradigm where the agents are trained to learn directly by observing the environment and learning policies to perform tasks autonomously. In the case of network environments, these agents can control and monitor the traffic as well as help preserve the confidentiality, integrity, and availability of resources and services in the network. In the case of software defined networks (SDN), the centralized controller in the control plane has become the single point of failure for the entire network. Reactive routing in SDNs makes such networks vulnerable to denial-of-service (DoS) attacks that aim to overwhelm switch memory and the control channel between SDN switches and controllers. One potential solution to cope with such attacks is to use an intelligent mechanism to detect and block them with minimal performance overhead for the controller and control channel. In this work, we investigate the practicality and effectiveness of a reinforcement learning (RL) approach to cope with DoS attacks in SDN networks that utilize programmable switches. Assuming the existence of a reliable reward function, we demonstrate that an RL-based approach can successfully adapt to the changing nature of attack traffic to detect and mitigate attacks without overwhelming switch memory and the control channel in SDN. 
    more » « less
  3. ; (, IEEE)
    The development of reinforcement learning (RL) algorithms has created a paradigm where the agents are trained to learn directly by observing the environment and learning policies to perform tasks autonomously. In the case of network environments, these agents can control and monitor the traffic as well as help preserve the confidentiality, integrity, and availability of resources and services in the network. In the case of software defined networks (SDN), the centralized controller in the control plane has become the single point of failure for the entire network. Reactive routing in SDNs makes such networks vulnerable to denial-of-service (DoS) attacks that aim to overwhelm switch memory and the control channel between SDN switches and controllers. One potential solution to cope with such attacks is to use an intelligent mechanism to detect and block them with minimal performance overhead for the controller and control channel. In this work, we investigate the practicality and effectiveness of a reinforcement learning (RL) approach to cope with DoS attacks in SDN networks that utilize programmable switches. Assuming the existence of a reliable reward function, we demonstrate that an RL-based approach can successfully adapt to the changing nature of attack traffic to detect and mitigate attacks without overwhelming switch memory and the control channel in SDN. 
    more » « less
  4. ; (, CoNEXT ’19 Companion)
    Software-Defined Networking (SDN) is a dynamic, and manageable network architecture which is more cost-effective than existing network architectures. The idea behind this architecture is to centralize intelligence from the network hardware and funnel this intelligence to the management system (controller) [2]-[4]. Since the centralized SDN controller controls the entire network and manages policies and the flow of the traffic throughout the network, it can be considered as the single point of failure [1]. It is important to find some ways to identify different types of attacks on the SDN controller [8]. Distributed Denial of Service (DDoS) attack is one of the most dangerous attacks on SDN controller. In this work, we implement DDoS attack on the Ryu controller in a tree network topology using Mininet emulator. Also, we use a machine learning method, Vector Machines (SVM) to detect DDoS attack. We propose to install flows in switches, and we consider time attack pattern of the DDoS attack for detection. Simulation results show the effects of DDoS attacks on the Ryu controller is reduced by 36% using our detection method. 
    more » « less
  5. ; (, 2022 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS))
    A centralized Software-defined Network (SDN) controller, due to its nature, faces many issues such as a single point of failure, computational complexity growth, different types of attacks, reliability challenges and scalability concerns. One of the most common fifth generation cyber-attacks is the Distributed Denial of Service (DDoS) attack. Having a single SDN controller can lead to a plethora of issues with respect to latency, computational complexity in the control plane, reachability, and scalability as the network scale increases. To address these issues, state-of-the-art approaches have investigated multiple SDN controllers in the network. The placement of these multiple controllers has drawn more attention in recent studies. In our previous work, we evaluated an Entropy-based technique and a machine learning-based Support Vector Machine (SVM) to detect DDoS using a single SDN controller. In this paper, we extend our previous work to further decrease the impact of the DDoS attacks on the SDN controller. Our new technique called Hierarchical Classic Controllers (HCC) uses SVM and Entropy methods to detect abnormal traffic which can lead to network failures caused by overwhelming a single controller. Determining the number of controllers and their best placement are major contributions in our new method. Our results show that the combination of the above three methods (HCC with SVM and Entropy), in the case of a network with 3 controllers provides greater accuracy and improves the DDoS attack detection rate to 86.12% compared to 79.03% and 81.33% using Entropy-based HCC and SVM-based HCC, respectively. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email