Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking

Mattijs Jonker, Anna Sperotto

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    1 Citation (Scopus)
    91 Downloads (Pure)

    Abstract

    Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service‿ (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.
    Original languageUndefined
    Title of host publicationProceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015
    EditorsSteven Latré, Marinos Charalambides, Jérôme François, Corinna Schmitt, Burkhard Stiller
    Place of PublicationSwitzerland
    PublisherSpringer
    Pages129-133
    Number of pages5
    ISBN (Print)978-3-319-20033-0
    DOIs
    Publication statusPublished - Jun 2015

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer International Publishing
    Volume9122
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349

    Keywords

    • EWI-26426
    • OpenFlow
    • Software Defined Networking
    • METIS-315011
    • Attack mitigation
    • DDoS attacks
    • IR-98390

    Cite this

    Jonker, M., & Sperotto, A. (2015). Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. In S. Latré, M. Charalambides, J. François, C. Schmitt, & B. Stiller (Eds.), Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015 (pp. 129-133). (Lecture Notes in Computer Science; Vol. 9122). Switzerland: Springer. https://doi.org/10.1007/978-3-319-20034-7_13
    Jonker, Mattijs ; Sperotto, Anna. / Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015. editor / Steven Latré ; Marinos Charalambides ; Jérôme François ; Corinna Schmitt ; Burkhard Stiller. Switzerland : Springer, 2015. pp. 129-133 (Lecture Notes in Computer Science).
    @inproceedings{c7d29d12dc5e4a85b3ea4a3b0ca93885,
    title = "Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking",
    abstract = "Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service‿ (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.",
    keywords = "EWI-26426, OpenFlow, Software Defined Networking, METIS-315011, Attack mitigation, DDoS attacks, IR-98390",
    author = "Mattijs Jonker and Anna Sperotto",
    note = "10.1007/978-3-319-20034-7_13",
    year = "2015",
    month = "6",
    doi = "10.1007/978-3-319-20034-7_13",
    language = "Undefined",
    isbn = "978-3-319-20033-0",
    series = "Lecture Notes in Computer Science",
    publisher = "Springer",
    pages = "129--133",
    editor = "Steven Latr{\'e} and Marinos Charalambides and J{\'e}r{\^o}me Fran{\cc}ois and Corinna Schmitt and Burkhard Stiller",
    booktitle = "Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015",

    }

    Jonker, M & Sperotto, A 2015, Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. in S Latré, M Charalambides, J François, C Schmitt & B Stiller (eds), Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015. Lecture Notes in Computer Science, vol. 9122, Springer, Switzerland, pp. 129-133. https://doi.org/10.1007/978-3-319-20034-7_13

    Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. / Jonker, Mattijs; Sperotto, Anna.

    Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015. ed. / Steven Latré; Marinos Charalambides; Jérôme François; Corinna Schmitt; Burkhard Stiller. Switzerland : Springer, 2015. p. 129-133 (Lecture Notes in Computer Science; Vol. 9122).

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    TY - GEN

    T1 - Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking

    AU - Jonker, Mattijs

    AU - Sperotto, Anna

    N1 - 10.1007/978-3-319-20034-7_13

    PY - 2015/6

    Y1 - 2015/6

    N2 - Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service‿ (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.

    AB - Over the last years, Distributed Denial-of-Service (DDoS) attacks have become an increasing threat on the Internet, with recent attacks reaching traffic volumes of up to 500 Gbps. To make matters worse, web-based facilities that offer “DDoS-as-a-service‿ (i.e., Booters) allow for the layman to launch attacks in the order of tens of Gbps in exchange for only a few euros. A recent development in networking is the principle of Software Defined Networking (SDN), and related technologies such as OpenFlow. In SDN, the control plane and data plane of the network are decoupled. This has several advantages, such as centralized control over forwarding decisions, dynamic updating of forwarding rules, and easier and more flexible network configuration. Given these advantages, we expect SDN to be well-suited for DDoS attack mitigation. Typical mitigation solutions, however, are not built using SDN. In this paper we propose to design and to develop an OpenFlow-based mitigation architecture for DDoS attacks. The research involves looking at the applicability of OpenFlow, as well as studying existing solutions built on other technologies. The research is as yet in its beginning phase and will contribute towards a Ph.D. thesis after four years.

    KW - EWI-26426

    KW - OpenFlow

    KW - Software Defined Networking

    KW - METIS-315011

    KW - Attack mitigation

    KW - DDoS attacks

    KW - IR-98390

    U2 - 10.1007/978-3-319-20034-7_13

    DO - 10.1007/978-3-319-20034-7_13

    M3 - Conference contribution

    SN - 978-3-319-20033-0

    T3 - Lecture Notes in Computer Science

    SP - 129

    EP - 133

    BT - Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015

    A2 - Latré, Steven

    A2 - Charalambides, Marinos

    A2 - François, Jérôme

    A2 - Schmitt, Corinna

    A2 - Stiller, Burkhard

    PB - Springer

    CY - Switzerland

    ER -

    Jonker M, Sperotto A. Mitigating DDoS Attacks using OpenFlow-based Software Defined Networking. In Latré S, Charalambides M, François J, Schmitt C, Stiller B, editors, Proceedings of the 9th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2015. Switzerland: Springer. 2015. p. 129-133. (Lecture Notes in Computer Science). https://doi.org/10.1007/978-3-319-20034-7_13