In this paper, we propose two simple and practically feasible countermeasures to address the Route Spoofing and Resource Exhaustion attacks in Software Defined Networking (SDN) scenarios. For Route Spoofing attack, we introduce a new technique called “selective blocking” which blocks an adversary node to use a genuine user’s active routes, and for Resource Exhaustion attack, we propose a “periodic monitoring” technique that detect adversary nodes based on the traffic analysis statistics gathered over a period of time at SDN data plane switches. We perform the implementation of the aforementioned attacks and their proposed countermeasures. With our proposed countermeasures installed in the target SDN scenarios, the simulation results indicate 35% reduction in bandwidth consumption, 60% gain in packet delivery rate, and 50% reduction in processing delay.
Practical extensions to countermeasure DoS attacks in software defined networking
Conti M.;
2017
Abstract
In this paper, we propose two simple and practically feasible countermeasures to address the Route Spoofing and Resource Exhaustion attacks in Software Defined Networking (SDN) scenarios. For Route Spoofing attack, we introduce a new technique called “selective blocking” which blocks an adversary node to use a genuine user’s active routes, and for Resource Exhaustion attack, we propose a “periodic monitoring” technique that detect adversary nodes based on the traffic analysis statistics gathered over a period of time at SDN data plane switches. We perform the implementation of the aforementioned attacks and their proposed countermeasures. With our proposed countermeasures installed in the target SDN scenarios, the simulation results indicate 35% reduction in bandwidth consumption, 60% gain in packet delivery rate, and 50% reduction in processing delay.Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.