Affordable Access

Access to the full text

An SDN-Assisted Defense Mechduanism for the Shrew DDoS Attack in a Cloud Computing Environment

Authors
  • Agrawal, Neha1
  • Tapaswi, Shashikala2
  • 1 Indian Institute of Information Technology Sri City, Chittoor, Andhra Pradesh, India , Chittoor (India)
  • 2 ABV- Indian Institute of Information Technology and Management, Gwalior, India , Gwalior (India)
Type
Published Article
Journal
Journal of Network and Systems Management
Publisher
Springer US
Publication Date
Jan 20, 2021
Volume
29
Issue
2
Identifiers
DOI: 10.1007/s10922-020-09580-7
Source
Springer Nature
Keywords
License
Yellow

Abstract

The integration of cloud computing with Software Defined Networking (SDN) addresses several challenges of a typical cloud infrastructure such as complex inter-networking, data collection, fast response, etc. Though SDN-based cloud opens new opportunities, the SDN controller may itself become vulnerable to several attacks. The unique features of SDN are used by the attackers to implement the severe Distributed Denial of Service (DDoS) attacks. Several approaches are available in literature to defend against the traditional DDoS flooding attacks in SDN-cloud. To elude the detection systems, attackers try to employ the cultivated attack strategies. Such sophisticated DDoS attack strategies are implemented by generating low-rate attack traffic. The most common type of Low-Rate DDoS (LR-DDoS) attack is the Shrew attack. The existing approaches are not capable to detect, mitigate, and traceback such attacks. Thus, this work discusses a new mechanism which not only detects and mitigates the shrew attack but traces back the location of the attack sources as well. The attack is detected using the information entropy variations, and the attack sources are traced-back using the deterministic packet marking scheme. The experiments are performed in a real SDN-cloud scenario, and the experimental results show that the approach requires 1 packet and 8.27 packets on an average to locate the bots and attackers respectively. The approach detects and traces back the attack sources in between 14.45 ms to 10.02 s and provides 97.6% accuracy.

Report this publication

Statistics

Seen <100 times