TY - GEN
T1 - A reputation-based collaborative schema for the mitigation of distributed attacks in SDN domains
AU - Giotis, Kostas
AU - Apostolaki, Maria
AU - Maglaris, Vasilis
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/6/30
Y1 - 2016/6/30
N2 - In this paper, we investigate collaborative schemes to mitigate Distributed Denial of Service attacks in multi-domain Software Defined Networks (SDNs). The mitigation process itself is distributed, initiated by the domain of the victim, and involving all domains in the path of an attack (transit domains). We emphasize on filtering malicious flows as close to the attack sources as possible. We propose a modular and scalable approach that leverages on the SDNi (SDN interface) protocol, as the enabler for information exchange between adjacent SDN domains. We extend this protocol by publishing and exchanging pointers to incident reports, formatted according to the IETF IODEF standards and exposed through domain SDN Controllers. Thus, an SDN domain hosting the victim of the attack is able to notify the recipients about the malicious flows that they forward, requesting their filtering until the attack ceases. In order to motivate close cooperation of SDN domains governed by diverse authorities, we implemented and evaluated a reputation mechanism, whereby domains historically assess the behavior of their neighbors, discouraging assistance in case the domain of the victim has a poor cooperation track record.
AB - In this paper, we investigate collaborative schemes to mitigate Distributed Denial of Service attacks in multi-domain Software Defined Networks (SDNs). The mitigation process itself is distributed, initiated by the domain of the victim, and involving all domains in the path of an attack (transit domains). We emphasize on filtering malicious flows as close to the attack sources as possible. We propose a modular and scalable approach that leverages on the SDNi (SDN interface) protocol, as the enabler for information exchange between adjacent SDN domains. We extend this protocol by publishing and exchanging pointers to incident reports, formatted according to the IETF IODEF standards and exposed through domain SDN Controllers. Thus, an SDN domain hosting the victim of the attack is able to notify the recipients about the malicious flows that they forward, requesting their filtering until the attack ceases. In order to motivate close cooperation of SDN domains governed by diverse authorities, we implemented and evaluated a reputation mechanism, whereby domains historically assess the behavior of their neighbors, discouraging assistance in case the domain of the victim has a poor cooperation track record.
KW - Attack Mitigation
KW - DDoS
KW - OpenFlow
KW - SDN
KW - SDNi
UR - http://www.scopus.com/inward/record.url?scp=84979776717&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979776717&partnerID=8YFLogxK
U2 - 10.1109/NOMS.2016.7502849
DO - 10.1109/NOMS.2016.7502849
M3 - Conference contribution
AN - SCOPUS:84979776717
T3 - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
SP - 495
EP - 501
BT - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
A2 - Badonnel, Sema Oktug
A2 - Ulema, Mehmet
A2 - Cavdar, Cicek
A2 - Granville, Lisandro Zambenedetti
A2 - dos Santos, Carlos Raniery P.
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016
Y2 - 25 April 2016 through 29 April 2016
ER -