The Transactions of The Korean Institute of Electrical Engineers (전기학회논문지)

The Korean Institute of Electrical Engineers (대한전기학회)
권호 표지
DOI QR코드

DOI QR Code

New Distributed SDN Framework for Mitigating DDoS Attacks

DDoS 공격 완화를 위한 새로운 분산 SDN 프레임워크

  • Alshehhi, Ahmed (Dept. of ECE, Khalifa University of Science and Technology) ;
  • Yeun, Chan Yeob (Dept. of ECE, Khalifa University of Science and Technology) ;
  • Damiani, Ernesto (Dept. of ECE, Khalifa University of Science and Technology)
  • Received : 2017.11.10
  • Accepted : 2017.11.26
  • Published : 2017.12.01
Download PDF
⟨ Previous Next ⟩

Abstract

Software Defined Networking creates totally new concept of networking and its applications which is based on separating the application and control layer from the networking infrastructure as a result it yields new opportunities in improving the network security and making it more automated in robust way, one of these applications is Denial of Service attack mitigation but due to the dynamic nature of Denial of Service attack it would require dynamic response which can mitigate the attack with the minimum false positive. In this paper we will propose a new mitigation Framework for DDoS attacks using Software Defined Networking technology to protect online services e.g. websites, DNS and email services against DoS and DDoS attacks.

Keywords

References

  1. Yeun, C.Y., Han, K., Vo, D.L., Kim, K., "Secure authenticated group key agreement protocol in the MANET environment," information security technical report, Vol. 13, No. 3, pp. 158-164, 2008. https://doi.org/10.1016/j.istr.2008.10.002
  2. Bariah, L., Shehada, D., Salahat, E., Yeun, C.Y., "Recent advances in VANET security: a survey," In proceeding of the 82nd IEEE Vehicular Technology Conference, pp. 1-7, September 2015.
  3. Shehada, D., Yeun, C.Y., Zemerly, M.J., Al Qutayri, M., Al Hammadi, Y., Damiani, E., Hu, J., "BROSMAP: A Novel Broadcast Based Secure Mobile Agent Protocol for Distributed Service Applications," Security and Communication Networks, Wiley, Vol. 2017, 3606424, 2017.
  4. Baek, J., Vu, Q.H., Jones, A., Al Mulla, S., Yeun, C.Y., "Smart-frame: A flexible, scalable, and secure information management framework for smart grids," In proceeding of International Conference for Internet Technology And Secured Transactions, pp. 668-673, December 2012.
  5. Al Alkeem, E., Shehada, D., Yeun, C.Y., Zemerly, M.J., Hu, J., "New secure healthcare system using cloud of things," Cluster Computing, Vol. 20, No. 3, Springer, pp. 2211-2219, 2017. https://doi.org/10.1007/s10586-017-0872-x
  6. Han, K., Yeun, C.Y., Shon, T., Park, J., Kim, K., "A scalable and 6.efficient key escrow model for lawful interception of IDBC‐based secure communication," International Journal of Communication Systems, Vol. 24, No. 4, pp. 461-472, 2011. https://doi.org/10.1002/dac.1165
  7. Gajparia, A.S., Mitchell, C.J. , Yeun, C.Y., "Supporting user privacy 7.in location based services," IEICE transactions on communications, Vol. 88, No. 7, pp. 2837-2847, 2005.
  8. Konidala, D.M., Yeun, C.Y., Kim, K., "A secure and privacy enhanced protocol for location-based services in ubiquitous society," In proceeding of IEEE Global Telecommunications Conference, GLOBECOM'04, Vol. 4, pp. 2164-2168, 2004
  9. Lu, Y., Wang, M.: An Easy Defense Mechanism Against Botnet-based DDoS Flooding Attack Originated in SDN Environment Using sFlow. In: ACM, New York (2016)
  10. Xiulei, W., Ming, C., Xianglin, W., Guomin, Z.: Defending DDoS attacks in software defined networking based on improved Shiryaev-Roberts detection algorithm. J. High. Speed. Networks. 22, 285-298, (2015)
  11. Trung, P.V, Huong, T.T, Tuyen, D.V, Duc, D.M, Thanh, N.H, Marshall, A.: A Multi-Criteria-based DDoS-Attack Prevention Solution using Software Defined Networking. In: ATC, (2015)
  12. Buragohain, C., Medhi, N.: FlowTrApp: An SDN Based Architecture for DDoS Attack Detection and Mitigation in Data Centers. In: International Conference on Signal Processing and Integrated Networks, (2016)
  13. Xu, Y., Liu, Y.: DDoS Attack Detection under SDN Context. In: The 35th Annual IEEE International Conference on Computer Communications, (2016)
  14. Dharma, G., Muthohar, M.F, Prayuda, A.J.D., Priagung, K., Choi, D.: Time-based DDoS Detection and Mitigation for SDN Controller. In: APNOMS, (2015)
  15. SAHRI, N., OKAMURA, K.: Protecting DNS services from IP spoofing - SDN collaborative authentication approach. In: ACM, New York (2016)
  16. Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: A SDNOriented DDoS Blocking Scheme for Botnet-Based Attacks. In: ICUFN, (2014)
  17. Dao, N., Park, J., Park, M., Cho, S.: A Feasible Method to combat against DDoS Attack in SDN Network. In: ICOIN, (2015)
  18. Li, J., Berg, S., Zhang, M., Reiher, P., Wei, T.: DrawBridge-Software-Defined DDoS-Resistant Traffic Engineering. In: ACM, 2014