INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 03, MARCH 2020 ISSN 2277-8616
6628 IJSTR©2020
www.ijstr.org
Current State Of Art And Key Rationales Of
Application Layer Distributed Denial Of Service
Attacks In Software Defined Networking
Sarabjeet Kaur, Amanpreet Kaur, Abhinav Bhandari
Abstract: Software Defined Networking (SDN) provides the provision of centralized and faster network. It provides the greater control on network traffic by separating the control plane and data plane which is a new network paradigm shift from the traditional network. Although SDN has replaced the traditional networks with its fast and flexible features, yet there are some of the areas where research is being emphasized like reliability, scalability, latency and security. Due to the centralized service based architecture of SDN there occurs various security issues at its different layers like control layer, data layer and application Layer. These issues are unauthorized access to controller, forwarding policy violation or modification, system level security issues, unauthorized access to applications and denial of service etc. Out of these, the DDoS (Distributed Denial of Service) attack is the most leading issue at present. DDoS attack is interruption in normal traffic flow thereby making the services unavailable to legit imate users by consuming victim’s resources. DDoS attack although has an impact on different layers, yet the application layer DDoS attack has become the most distinguished area of discussion for various researchers. So, in this paper, we have covered the most prominent area of security in SDN i.e. DDoS attack. We are going to present a review of the current state of art on an application layer DDoS attack in SDN. Our study identifies and discusses the different defense approaches, its implementations, an idea behind work done and an outcome of recent related works which is helpful in handling the application layer DDoS attack in the SDN. It gives the clear view to the researchers about the recent updates in defense mechanism of an application layer DDoS attack in the SDN. Also the mapping study highlights the limitations of each research which leads to the research findings and gaps out of present research being done yet. The future scope of this research study is to develop a new mitigation framework after analyzing the research gaps highlighted in research article.
Keywords: Software Defined Networking, Denial of Service, Application layer, Defense Mechanism, Internet of Things. ————————————————————
1 INTRODUCTION
The present state of network measurement and its criticality is inadequate. If we discuss briefly about network behavior and generally its operability, it requires high level of manual involvement. This practice indeed becomes difficult in case of large and complex networks. The traditional network faces many of such problems which are overcome SDN (Software Defined Networking) which is emerging technology in trend [5]. It is the new paradigm that solves the issues of traditional networks by centralizing the control and separating it from data plane. It controls the behavior of network equipment through dynamic software approach. SDN is now considered as vital solution to the complexities of traditional networks as the decision path in SDN is handled by its controller and the forwarding part by the switches. This approach of SDN is considered as its biggest strength. Though the SDN has been adopted in wide spectrum, yet it lacks in some features like reliability, latency, scalability and security. The researchers are working on these issues to increase the performance of SDN. But still the limited work has been done on its security issues.
There are several security threats which either may harm the controller or switches of SDN network. These security threats may distress at application layer, control layer and data layer of SDN architecture. There are number of security issues which harm one, two or all of the layers in network. Some of the security threats are like some unauthorized access, configuration issues, denial of service attacks etc. Due to centralized controller at control plane of SDN, it is much targeted by denial of service attacks [9][28]. These attacks block the network equipment as the attackers send multiple requests to controller or switches thereby making it unavailable [11][26][29]. It finds out the opening for an intrusion to process the attack on server [25]. DDoS attacks become more substantial when generated from multiple resources initiating the distributed denial of service (DDoS) attack [19] [20] [23]. The DDoS attack is carried out at different layers of network such as transport layer, network layer as well as an application layer which makes the respective protocols inactive [18].There are different protocols which get affected as per different layer DDoS attacks such as ICMP (Internet Control Message Protocol) in network layer, TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) in transport layer, DNS (Domain Name Service) and HTTP protocols in an application layer. DDoS attack makes the server unavailable for legitimate users [12]. DDoS attacks are becoming more dangerous as per reports of Arbor, McAfee Labs and Kaspersky Labs. The NETSCOUT's annual Worldwide Infrastructure Security Report (WISR) states there is three times increase in SaaS services attacks from 2017 which was 13% to 2018 which was 41% [37]. The highest record of attack is 1.7 TBPS in size as per WISR Arbor’s report 2018. McAfee Lab report says that DDoS are the third largest attacks which tend to grow year by year. As per prediction reports of McAfee Labs the attacks will increase on homely devices connected with Internet of Things for _______________________________
• Sarabjeet Kaur is currently pursuing Ph.D in Computer Applications at Chandigarh University,Gharuan,India, E-mail: [email protected]
• Dr. Amanpreet Kaur is currently working as Associate Prof. at Chandigarh University,Gharuan,India,E-mail: [email protected]
6629 IJSTR©2020
www.ijstr.org monetary gains in 2019 [35]. Likewise the Kaspersky Lab’s
report 2018 says that for the enterprises the cost of handling DDoS attacks is rising gradually worldwide [36]. It recorded this cost upto $2M per attack as an average in 2018. So, all these recent records clearly show the criticality of DDoS attacks increasing day by day globally. In this paper, we have reviewed the research work related to an application layer DDoS attacks in SDN. This paper covers the various features, rationales, tools or simulators used and outcome of different research contributions to detection and defense of an application layer DDoS attacks. Also the mapping study highlights the limitations of each research which leads to the research findings and gaps out of present research being done yet. The future scope of this research study is to develop a new mitigation framework after analyzing the research gaps highlighted in research article.
The main contributions of this research paper are:-
To list various security issues of SDN architectures. To study the modus operandi of application layer
DDoS attacks in SDN.
To study the current state of art of detection and rationales of application layer DDoS attacks in SDN.
The remainder of this paper covers the study as follows: Section 2 discusses the security challenges in SDN. Section 3 describes the modus operandi of an application layer DDoS attack in SDN and related research in detail. Section 4 presents the current state of art of detection and rationales of application layer DDoS attacks in SDN. Finally, Section 5 concludes the review.
1.
SECURITY CHALLENGES IN SDN
In SDN the traffic is forwarded by the networking elements like switches as per the entries of forwarding tables which is controlled by the centralized controller. There are two different approaches to accomplish the operation i.e. proactive and reactive [4] [21]. In proactive the forwarding rules are set by the controller and only those packets are
forwarded whose entry matches into the table [17]. Whereas in reactive approach, the decision is taken by the controller by considering overall view or state of network. Generally, the focus of researchers is to detect the threats on centralized controller of SDN to prevent the failure. The least focused area of research is SDN security. Our study is mainly concentrated on security features of SDN. There are many security issues according to the research study which can be categorized [15] [16]. The table below shows different security features of SDN which may trigger all of the layers by unauthorized access to either controller or to any application of networks. Some of the attacks may access and modify the data by leakage of flow rules or forwarding tables and policies. Another threat is some malicious attack on an application and controller which makes them unavailable [13]. The DOS attack from among other attacks may affect network layers and elements [1]. If we list out, the Denial of Service attack may affect:
Switch Buffer Flow Table State Table
Data Flows or Processes
The most prominent attack is DDoS attack in SDN [14]. There are some positive and negative features as well as weak areas of SDN which makes it either DDoS resolver or Victim [1]. The centralized controller is one of the features that make SDN a DDoS resolver. As it is a software approach, it can easily program the network decisions and updates the network dynamically by separating the logic from infrastructure. In comparison these features also make SDN a DDoS victim due to failure of SDN controller, the slow processing of controller as compare to routers and switches and dumb switches etc. In next section we have covered the impacts of an application layer DDoS attacks in SDN which is main focus of our study in this paper.
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH, VOL 1, ISSUE 1
6630
Table 1: Security Issues in SDN
Security Issues Application Layer Control Layer Data Layer
Unauthorized Access to controller
Unauthorized/Unauthenticated Access to an application
Input Buffer Attack
Forwarding Policy Violation
Flow Rule Modification
Malicious and Compromised Applications
Denial of Service Attack
Configuration Issues
System Level SDN Security
2.
MODUS OPERANDI OF APPLICATION
LAYER DDoS ATTACKS IN SDN
We have discussed in our previous section about criticality of security threats in SDN. The DDoS attack amongst the security threats is most noticeable attack [22]. The distributed denial of service attack exerts the influence on an application layer protocols such as DNS and HTTP, which is of much concern. There are many relevant researches available on an application layer DDoS attack. The study of few has been presented in this paper. As an application layer uses genuine HTTP protocol, the attacker tries to exploit the features of protocol by sending the huge traffic. It is sometimes quite difficult to differentiate between the attacker and legitimate user. As per the study there are many algorithms [3] being available to detect an application layer DDoS attack. It classifies the DDoS attacks into two categories as: at an
6631
Figure2:HTTP DDoS attack process.
3.
CURRENT STATE OF ART OF DETECTION
AND KEY RATIONALES OF APPLICATION
LAYER DDOS ATTACKS IN SDN
There are many researches done in past few years on SDN DDoS attack detection and defense. In this paper we have reviewed few related research papers particularly on an application layer DDoS attack in SDN. Although in previous researches, the main focus is shown on volumetric attacks in network and transport layers, yet an application layer has not attained much attention from researchers. The papers in our study are taken from past two year’s research work being done by different researches in application layer DDoS attacks in SDN network. The table 2 below shows some of the research features given as per respective papers from past research. The parameters we have focused are like the basics about paper as title, authors, number of citations etc. Apart from this the specific analysis has been done regarding the detection techniques being used in these papers by researchers which are capable of detecting and implementing defense against DDoS attacks. Further study includes the impacts of attacks on SDN network, also the simulators and emulators used to implement work. The rationale of papers in table gives the idea about the aim of work done in these papers and the conclusion highlights the outcome and results achieved in each paper. As per the study of work done by K.Hong and Y.Kim in paper [2], the slow attack done by the attacker sends the incomplete requests to block the server. It uses the NS3 simulator to implement the detection algorithm
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH, VOL 1, ISSUE 1
6632
deployed the defense against HTTP DDoS attacks in SDN and NVF. Another contribution was done by Grigoryan, Garegin & Liu Yaoqing in 2018 in application layer DDoS attack. This paper used LAMP technique to mitigate application layer with programmable data planes. It prevented the server to get exhausted by huge number of GET and POST requests sent by the attacker. The bmv2 emulator model has been implemented in MININET for P4 programming language. It provided the solution to directly handle the alerts of attack by new architecture LAMP which is quicker to detect and mitigate the attacks. There are many other researches that are not exactly related to application layer DDoS attack in SDN. But these could be studied as base to understand the concept of DDoS attacks. We have also included one contribution given by Gera, J. & Battula in 2018 which throws the light on this. Many researches actually differentiate the DDoS attacks from flash crowds [31]. This paper used NS2 simulator to use source address entropy and traffic cluster entropy values to detect and differentiate the flash events. In another research done by Kim, S., Lee, S., Cho, G., Ahmed, M. E., Jeong, J., & Kim, H in 2017 the other domain of application layer DDoS attack is discussed. This paper covered the defense against DNS Amplification attacks using the novel scheme [30]. The concept behind was to store the history of DNS queries as an evidence to distinguish normal DNS responses from attack packets. The scheme blocked the network traffic for DNS amplification attack completely and provided a highly scalable and centralized data storage for DNS request using SDN. Again the MININET emulator has been used to implement the scheme experimentally in this research. This section also gives the brief view of key rationales behind the study of application layer DDoS attacks in SDN. The ideas represented by different researchers to cover the area of application layer DDoS attacks in SDN are highlighted in Table 2. First paper in table proposed the technique SHDA which receives the HTTP requests on behalf of server to detect the incomplete and suspicious HTTP requests. It uses timeout based DDoS attack detection to track the slow users [2]. Second paper presents the work to detect the behavior of attackers and legitimate users by analyzing the combination of few parameters like count of GET or POST requests, no of IP addresses within
small time span, frame length of protocols and constant mapping [3]. The discussion in third paper emphasized on DNS application data. It used the sFlow to collect the flow traffic data and checks the headers of packets [6]. By matching the query ID sFlow identifies the normal DNS requests or suspicious requests [24]. The technique reduces the cache overload by separately storing the request to normal cache or immediate cache. Fourth paper is based on shuffling of application layer DDoS attack effected virtual machine replicas. It focused the concentration of attackers on few virtual machines by repeatedly resetting the attacked VMs [7]. Fifth paper brought the idea of new framework LAMP. It works by scanning the network for application layer ddos attacks and sending the alert messages. LAMP blocks the suspicious IP addresses to prevent the attacks [8]. The research in sixth paper differentiates the DDoS attacks from flash events. It correlates the packets from different locations to check the general structure. If the packet structure rules are violated it is declared as DDoS attack. The study finds out the source and traffic entropy to detect flash events [10]. The seventh paper in table 2 is based upon novel security framework of SDN to detect the application Layer DDoS attacks. It maps the strict one to one DNS requests with DNS responses to find out the differences [30]. All of these research contributions are discussed below in table along with other features like simulators used, impacts of attacks, detection techniques etc.The study in eighth paper emphasizes on the DNS based DDoS attacks. It makes the network strong so as to prevent the attacks by proposing two hypotheses [32]. One of the hypotheses is based on core network with SDN and another is based on core network without SDN. It is basically representation of previous studies that are applicable in deep packet inspection and DNS of IoT. The study of next paper given by Vishal Gupta and Eklavya Sharma provides the solution to DNS amplification attacks with geographically distributes routers known as Barrier of Routers (BOR) [33] to control the inflow and outflow of network traffic. Lastly, tenth paper is about the solution named KarmaNet [34]. This study uses the Novel DNS response packet routing scheme to prevent the DDoS attacks.
Table 2: Review of Research features of related papers
S
im
u
la
to
r
u
se
d
N
S
3
S
im
u
la
to
r
S
D
N
e
m
u
la
to
r
(M
INI
N
E
T
)
S
D
N
e
m
u
la
to
r
(M
INI
N
E
T
)
T
h
ro
u
g
h
vi
rt
u
a
l
m
a
ch
in
e
s
u
si
n
g
M
INI
N
E
T
L
im
it
a
tio
n
s
S
H
D
A
g
e
n
e
ra
lly
ru
n
s
o
n
c
o
n
tr
o
lle
r
a
n
d
m
a
y
n
o
t
b
e
p
a
rt
o
f a
n
y
o
th
e
r DD
o
S
a
tt
a
ck
d
e
fe
n
se
p
ro
ce
ss
Im
p
ro
ve
m
e
n
t
is
r
e
q
u
ir
e
d
in
d
e
te
ct
io
n
r
a
te
w
ith
le
ss
n
o
o
f
fa
ls
e
p
o
si
tive
s
a
n
d
in
a
ccu
ra
cy
o
f
d
e
te
ct
io
n
.
A
ls
o
it
is
re
q
u
ir
e
d
t
o
d
if
fe
re
n
tia
te
a
p
p
lica
tio
n
la
ye
r DD
o
S
a
tt
a
cks
fr
o
m
fla
sh
e
ve
n
ts
M
o
re
wo
rk
is
to
b
e
d
o
n
e
t
o
a
n
a
ly
ze
t
h
e
a
m
p
lifica
tio
n
a
tt
a
cks
fo
r
o
th
e
r
p
ro
to
co
ls
a
ls
o
T
h
e
im
p
ro
ve
d
a
lg
o
rith
m
s
a
re
re
q
u
ir
e
d
t
o
o
p
tim
iz
e
t
h
e
co
st
a
n
d
e
ffe
ct
iv
e
n
e
ss
fo
r h
a
n
d
lin
g
D
D
o
S
a
tt
a
cks
Im
p
a
ct
o
f
A
tt
a
ck
It
m
a
ke
s
th
e
w
e
b
s
e
rve
r
u
n
a
va
ila
b
le
b
y
se
n
d
in
g
in
co
m
p
le
te
re
q
u
e
s
ts
U
n
a
b
le
t
o
id
e
n
tif
y
th
e
a
tt
a
cke
r a
n
d
le
g
iti
m
a
te
u
se
r
D
N
S
S
e
rve
r
e
xp
lo
it
a
ti
o
n
to
d
is
tr
ib
u
te
a
m
p
lifie
d
re
sp
o
n
s
e
s
F
re
q
u
e
n
t
sh
u
ffli
n
g
o
f
tr
a
6633 R a tio n a le It p ro p o se d t h e S H D A t e ch n iq u e t h a t h a n d le s th e a tt a ck si tu a tio n wh e n t h e in co m p le te HT T P r e q u e st s a re r e ce iv e d b y th e s e rve r in c re a si n g t h e n u m b e r o f o p e n c o n n e ct io n s. S H D A r e ce iv e s th e H T T P r e q u e s ts b y it se lf o n b e h a lf o f w e b se rve r a s p e r t h e f lo w r u le s u p d a te d b y th e S D N co n tr o lle r. T h is m a k e s S H D A t o d e te ct a n d m a n a g e t h e in c o m p le te o r su sp ic io u s H T T P r e q u e s ts. S H D A u se s th e t im e o u t b a s e d Do S t ta ck d e te ct io n t o fin d o u t th e r e q u e s ts fr o m s lo w c lie n ts. In t h is p a p e r, t h e b e h a vi o r o f a tt a ck e rs a n d le g iti m a te c lie n ts a re a n a ly ze d o n th e b a si s o f fe w p a ra m e te rs su ch a s co u n t o f G E T o r P O S T r e q u e s ts, n o . o f IP a d d re ss e s w ith in s m a ll t im e s p a n , a n a ly zi n g n o . o f o p e n a n d c lo s e d p o rt co n n e ct io n s b y co n s ta n t m a p p in g a n d la st ly , th e f ra m e l e n g th o f p ro to co l. T h e se p a ra m e te rs a re c o lle ct iv e ly u se d to p ro p o se t h e e xp e rim e n ta l re su lt th ro u g h c la ssi fica tio n m o d e l e xe cu tio n , w h ic h d if fe re n tia te s th e a tt a cke rs fr o m le g iti m a te u se rs T h e r e se a rc h p ro p o se d in t h is p a p e r w o rks o n DN S a p p lica tio n d a ta . It u se s th e s F lo w t h a t co lle c ts th e in co m in g f lo w d a ta a n d c h e cks th e p a cke t h e a d e rs fo r it s flo w v a lu e s . T h is id e n tif ie s if t h e tr a ff ic h a s b e e n o rig in a te d f ro m DN S s e rve rs o r n o t. s F lo w m a tc h e s th e Q u e ry ID o f in co m in g r e q u e s ts w ith r e co rd s to id e n tif y th e t ra ffic is n o rm a l D N S r e q u e st o r s u sp ici o u s r e q u e st . T h e g e n u in e f lo w is t h e n f o rw a rd e d t o S D N c o n tr o lle r f o r m iti g a tio n . T h is p a p e r d e scr ib e s th e b e h a vi o r o f H T T P DD o S a tt a cks a n d a ls o p ro p o se s th e d e fe n se m o d e l i n S D N /NV F . It id e n tif ie s th e a tt a ck ty p e s like s e ssi o n flo o d in g , re q u e st f lo o d in g , a sy m m e tr ic a n d s lo w r e q u e st /r e sp o n se a tt a cks. T h e w o rk in t h is p a p e r is b a se d u p o n sh u ffli n g t h e r e p lica s o f V M s if it is u n d e r DD o S a tt a ck. D e te ct io n T e ch n iq u e S lo w HT T P D D o S De fe n se A p p lica tio n (S H D A ) E P A -H T T P D D o S , C A IDA 2007, M L P -G A A lg o rith m s sF lo w wi th S e cu rity C e n tr ic S D N M u lti O b je ct iv e M a rko v d e ci si o n p ro ce sse s, S h u ffli n g b a se d d e fe n se syst e m (S D S S ), B S A a n d CS A R e fe re n c e s [2 ] [3 ] [6 ] [7 ] Y e a r
2018 2017 2017 2017
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH, VOL 1, ISSUE 1 6634 R a tio n a le In t h is p a p e r, t h e a p p lica tio n la ye r DD o S a tt a ck m iti g a tio n h a s b e e n d e m o n st ra te d wi th L A M P , a n e w c o o p e ra tive fr a m e w o rk. T h e a tt a cke r s e n d s th e a tt a ck a g a in st a p p lica tio n la ye r, w h ic h is n o t d e te ct e d b y th e n e two rk d e vi ce s a n d th e p a cke ts re a ch u p to t h e e n d h o s ts. L A M P d e te c ts su ch a tt a cks b y sca n n in g t h e a tt e m p ts a n d s e n d in g t h e a le rt m e ss a g e s. It t h e n b lo cks th e I P a d d re ss e s fr o m wh ic h th e a tt a ck h a s b e e n in iti a te d . L A M P u se s th e p a rse r , m a tc h a ct io n t a b le s a n d c o n tr o l flo w s fo r im p le m e n ta tio n . T h e r e se a rc h in t h is p a p e r d e te c ts a n d d if fe re n ti a te s th e DD o S a tt a cks fr o m f la sh c ro w d s. T h is is d o n e b y co rr e la ti n g t h e p a cke ts a t d iff e re n t p la ce s t o f in d o u t th e d if fe re n c e s. D u e to t h e DD o S a tt a cks th e g e n e ra l st ru ct u re o f p a cke ts g e ts vi o la te d t o f o rm th e d is o rd e r o f tr a ffic flo w . T h is is kn o w n a s e n tr o p y. T h e wo rk in t h is p a p e r f ir st ly i d e n tif ie s th e s o u rce e n tr o p y a n d t ra ff ic e n tr o p y. W h e n t h e p a ck e ts a re se n d c o n ti n u o u sl y to in cr e a se t h e t ra ffic, t h e s o u rce a n d t ra ffic e n tr o p y is fo u n d . W h e n th e c u rr e n t so u rce e n tr o p y is g re a te r t h a n u p p e r t h re sh o ld so u rce e n tr o p y, th e f la sh e v e n ts a re d e te ct e d . T h is s tu d y u se s th e No ve l se c u rity fr a m e w o rk to d e te ct t h e h u g e v o lu m e o f D N S n a m e lo o ku p re q u e s ts to o p e n DN S s e rve rs. T h e wo rk is d o n e to st o re t h e h is to ry o f D N S q u e rie s a s a n e vi d e n ce t o d is tin g u is h n o rm a l D N S r e sp o n s e s fr o m a tt a c k p a cke ts. I t d o e s o n e t o o n e m a p p in g o f D N S re q u e s ts a n d r e s p o n se s. D e te ct io n T e ch n iq u e L A M P : A p p lica tio n la ye r M iti g a tio n wi th p ro g ra m m a b le d a ta p la n e s D e te ct io n o f s p o o fe d , non -sp o o fe d DD o S a tt a cks a n d d if fe re n tia tin g t h e m fr o m F la sh c ro w d s N o ve l se cu rity fr a m e w o rk u si n g S o ftwa re -D e fin e d N e two rki n g (S D N ) R e fe re n c e s [8 ] [1 0 ] [3 0 ] Y e a r
2018 2018 2017
6635 L im it a tio n s L im ite d kn o w le d g e is b e in g p ro vi d e d n o t co n si d e rin g m u ch f a ct o rs th a t m a y a ff e ct t h e p re ve n ti o n o f D N S b a se d D D o S a tt a cks. E xp e n si ve s e tu p and m a in te n a n ce . C o st e ffe ct iv e n e ss, T ru st o n sw itch e s, ch o ki n g o f lin k a n d e n fo rse m e n t o f sa m e p a th f o r re q u e st a n d re sp o n s e Im p a ct o f A tt a ck D is tu rb s th e n o rm a l w o rki n g o f u se r a n d in te rn e t s e rvi ce p ro vi d e r D e g ra d e s t h e n e two rk p e rfo rm a n c e b y flo o d in g t h e la rg e n u m b e r o f D N S r e q u e st s to DN S se rve rs. D is ru p t th e n e two rk se rvi ce s b y D D o S a tt a cks R a tio n a le In t h is a rticl e t h e n e two rk h a s m a d e s tr o n g e n o u g h t o p re ve n t t h e DN S b a s e d DD o S a tt a kcs. I t p ro p o se d t h e t w o h yp o th e si s i.e S D N b a se d n e two rk a n d wi th o u t n e two rk. I t is b a si ca lly re p re se n ta tio n o f p re vi o u s s tu d ie s th a t a re a p p lica b le in d e e p p a ck e t h yp o th e si s a n d D N S o f In te rn e t o f T h in g s. T h e s tu d y p ro vi d e s th e s o lu tio n t o DN S a m p lifica tio n a tt a cks w ith g e o g ra p h ic a lly d is tr ib u te d r o u te rs k n o w n a s B a rr ie r o f R o u te rs (B O R ). T h e se a re u s e d t o r o u te t h e t ra ff ic in flo w a n d o u tflo w o f n e tw o rk. T h e se b a rr ie rs sca n t h e tr a ffic to d e te ct t h e DN S b a se d DD o S a tt a cks. T h is s tu d y u se s th e No ve l D N S r e sp o n se p a ck e t ro u tin g s c h e m e t o p re ve n t t h e DD o S a tt a cks. It in te n d s th e DD o S a tt a cks to d e st ru ct it se lf u si n g IP s p o o fin g . T h is h a p p e n s if th e p a th o f D N S re sp o n s e p a cke t is s a m e a s th a t o f re q u e st p a cke t. D e te ct io n T e ch n iq u e T w o h yp o th e si s - n e two rk w ith S D N a n d n e tw o rk w ith o u t S D N (B O R ) B a rr ie r o f ro u te rs N o ve l D N S r e sp o n se p a cke t ro u tin g s ch e m e R e fe re n c e s [3 2 ] [3 3 ] [3 4 ] Y e a r
2019 2018 2019
INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH, VOL 1, ISSUE 1
6636
4.
CONCLUSION
The purpose of this paper is to find out the different reviews on HTTP DDoS attack in SDN. We have considered few papers which are very close to our study and are quite relevant. Although not much work has been done in this domain, yet we have found the research proposals by different researchers which may better detect and mitigate the attacks. Also we have studied the techniques and key rationales of these papers. The main security issues as discussed like
unauthorized access of application, configuration issues, malicious applications and denial of service attacks are highlighted research problems to be worked on in near future. As our research problem and this article we are working on DDoS attacks on application layer of SDN network. In the future, the work on detection and defense of HTTP DDoS attack in SDN could be considered as serious area of research. New detection techniques and methods need to be developed against attacks. Also, from the study we found the most suitable emulator to be used is MININET for better performance and understanding. A new mitigation framework will be developed in future after analyzing the research gaps highlighted in this research article.
5.
REFERENCES:
[1]. Dayal, Neelam, Prasenjit Maity, Shashank Srivastava and M. Rahamatullah Khondoker. ―Research Trends in Security and DDoS in SDN.‖ Security and Communication Networks9: 6386-6411. (2016) [2]. K. Hong, Y. Kim, H. Choi and J. Park, "SDN-Assisted
Slow HTTP DDoS Attack Defense Method," in IEEE Communications Letters, vol. 22, no. 4, pp. 688-691doi: 10.1109/LCOMM.2017.2766636. (2018) [3]. Khundrakpam Johnson Singh, Tanmay De, ―MLP-GA
based algorithm to detect application layer DDoS attack‖, Journal of Information Security and Applications, Volume 36, Pages 145-153, ISSN 2214-2126, https://doi.org/10.1016/j.jisa.2017.09.004. (2017)
[4]. R. Durner, C. Lorenz, M. Wiedemann and W. Kellerer, "Detecting and mitigating denial of service attacks against the data plane in software defined networks," 2017 IEEE Conference on Network Softwarization (NetSoft), Bologna, pp. 1-6.doi: 10.1109/NETSOFT.2017.8004229. (2017)
[5]. M. V. O. De Assis, M. P. Novaes, C. B. Zerbini, L. F.
Carvalho, T. Abrãao and M. L. Proença, "Fast Defense System Against Attacks in Software Defined Networks," in IEEE Access, vol. 6, pp. 69620-69639, doi: 10.1109/ACCESS.2018.2878576. (2018)
[6]. Ariff Aizuddin Mohd Atan, Ahmad & Megat Mohamed Noor, Megat Norulazmi &Akimi, Shadil & Zainal Abidin, Shadil Akimi, DNS amplification attack detection and mitigation via sFlow with security-centric SDN.1-7. 10.1145/3022227.3022230. (2017) [7]. Y. Lin, J. Kuo, D. Yang and W. Chen, "A cost-effective
shuffling-based defense against HTTP DDoS attacks with SDN/NFV," 2017 IEEE International Conference on Communications (ICC), Paris, pp. 1-7. doi: 10.1109/ICC.2017.7997190. (2017)
[8]. Grigoryan, Garegin& Liu, Yaoqing. LAMP: prompt application layer attack mitigation with programmable
data planes. 158-159. 10.1145/3230718.3232106. (2018)
[9]. K. Kalkan, G. Gur and F. Alagoz, "Defense Mechanisms against DDoS Attacks in SDN Environment," in IEEE Communications Magazine,
vol. 55, no. 9, pp. 175-179, doi:
10.1109/MCOM.2017.1600970. (2017)
[10]. Gera, J., &Battula, B. P. (2018). Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds. EURASIP Journal on Information Security, doi:10.1186/s13635-018-0079-6. (2018)
[11]. Yan, Q., Yu, F. R., Gong, Q., & Li, J. Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges. IEEE Communications Surveys & Tutorials, 18(1), 602–622.doi:10.1109/comst.2015.2487361. (2016) [12]. Wang, Bing et al. ―DDoS attack protection in the era
of cloud computing and Software-Defined Networking.‖ Computer Networks 81: 308-319. ( (2015)
[13]. Fichera, Silvia et al. ―OPERETTA: An OPEnflow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers.‖ Computer Networks 92: 89-100. (2015)
[14]. Wang, Xiulei et al. ―SDSNM: A Software-Defined Security Networking Mechanism to Defend against DDoS Attacks.‖ 2015 Ninth International Conference on Frontier of Computer Science and Technology : 115-121. (2015)
[15]. Dhawan, Mohan et al. ―SPHINX: Detecting Security Attacks in Software-Defined Networks.‖ NDSS (2015). [16]. Shin, Seungwon and GuofeiGu. ―Attacking software-defined networks: a first feasibility study.‖ HotSDN (2013).
[17]. Wang, Haopei et al. ―FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks.‖ 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks : 239-250. (2015)
[18]. Singh, B., Kumar, K., & Bhandari, A.. Simulation studyof application layer DDoS attack. In Green Computing and Internet of Things (ICGCIoT), 2015 International Conference on (pp. 893-898). IEEE. (2015)
[19]. Wang, Rui et al. ―An Entropy-Based Distributed DDoS Detection Mechanism in Software-Defined Networking.‖ 2015 IEEE Trustcom/BigDataSE/ISPA 1: 310-317. (2015)
[20]. Luo, Shibo et al. ―A Defense Mechanism for Distributed Denial of Service Attack in Software-Defined Networks.‖ 2015 Ninth International Conference on Frontier of Computer Science and Technology : 325-329. (2015)
[21]. R. Durner, C. Lorenz, M. Wiedemann and W. Kellerer, "Detecting and mitigating denial of service attacks against the data plane in software defined networks," 2017 IEEE Conference on Network Softwarization (NetSoft), Bologna, pp. 1-6. doi: 10.1109/NETSOFT.2017.8004229. (2017)
Software-6637
Defined Networks," in IEEE Latin America Transactions, vol. 16, no. 8, pp. 2296-2301, doi: 10.1109/TLA.2018.8528249. (2018)
[23]. Bhandari, A., Sangal, A. L., & Kumar, K. Characterizing flash events and distributed denial-of-service attacks: an empirical investigation. Security
and Communication Networks, n/a–
n/a.doi:10.1002/sec.1472, (2016).
[24]. C. Buragohain and N. Medhi, "FlowTrApp: An SDN Based Architecture for DDoS Attack Detection and Mitigation in Data Centers," in 3rd International Conference on Signal Processing and Integrated Networks (SPIN ), (2016)
[25]. Y.-L. Hu and W.-B. Su, "Design of Event-Based Intrusion Detection System on OpenFlow Network," in 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), (2013) [26]. Zebari, R. R., Zeebaree, S. R. M., &Jacksi, K.. Impact
Analysis of HTTP and SYN Flood DDoS Attacks on Apache 2 and IIS 10.0 Web Servers. 2018 International Conference on Advanced Science and Engineering
(ICOASE).doi:10.1109/icoase.2018.8548783. (2018) [27]. Gabriel IM, Valeriu PV. Achieving DdoS resiliency in a
software defined network by Intelligent Risk Assessment based on neural networks and danger theory. 5th IEEE International Symposium on Computational Intelligence and Informatics;319–324. (2014)
[28]. Wei L, Fung C. FlowRanger: A Request Prioritizing Algorithm for Controller DoS Attacks in Software Defined Networks, IEEE ICC. Next Generation Networking Symposium, (2015)
[29]. Wang, B., Zheng, Y., Lou, W., &Hou, Y. T. DDoS attack protection in the era of cloud computing and Software-Defined Networking. Computer Networks, 81, 308–319.doi:10.1016/j.comnet.2015.02.026. (2015)
[30]. Kim, S., Lee, S., Cho, G., Ahmed, M. E., Jeong, J., & Kim, H. Preventing DNS Amplification Attacks Using the History of DNS Queries with SDN. Lecture Notes in Computer Science, 135–152.doi:10.1007/978-3-319-66399-9_8 55–60. (2017)
[31]. Khalaf, B. A., Mostafa, S. A., Mustapha, A., & Abdullah, N. An Adaptive Model for Detection and Prevention of DDoS and Flash Crowd Flooding Attacks. 2018 International Symposium on Agent,
Multi-Agent Systems and Robotics
(ISAMSR).doi:10.1109/isamsr.2018.8540546. (2018) [32]. S. Saharan and V. Gupta. Prevention and Mitigation
of DNS based DDoS attacks in SDN Environment. 11th International Conference on Communication Systems & Networks (COMSNETS), Bengaluru, India, pp. 571-573. doi: 10.1109/COMSNETS.2019.8711258 (2019)
[33]. Gupta, V., & Sharma, E. Mitigating DNS Amplification Attacks Using a Set of Geographically Distributed SDN Routers. 2018 International Conference on Advances in Computing, Communications and Informatics
(ICACCI).doi:10.1109/icacci.2018.8554459 (2018) [34]. Mittal, G., & Gupta, V. KarmaNet: SDN Solution to
DNS-Based Denial-of-Service. Security in Computing
and Communications, 431–442. doi:10.1007/978-981-13-5826-5_33 (2019)
[35]. https://www.mcafee.com/enterprise/en-in/threat-center/mcafee-labs/reports.html
[36]. https://securelist.com/kaspersky-security-bulletin-threat-predictions-for-2019/88878/
