DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN

2020-01-01
Simsek, Goksel
Bostan, Hakan
Sarica, Alper Kaan
Sarikaya, Egemen
Keleş, Ahmet
Angın, Pelin
Alemdar, Hande
Onur, Ertan
Software-Defined Networking (SDN) has proven itself over the past decade as a useful technology for establishing and managing configurable, dynamic networks with rapid deployment of services. Despite these advantages, SDN relies heavily on the controller, with a much less capable data plane. This creates a single point of failure and leaves the network susceptible to denial of service (DoS) attacks, which mainly target the controller to affect the operation of the whole network. An effective approach for mitigating DoS attacks in SDN requires identifying and stopping attacks as close to their source as possible, which requires involving the data plane in the mitigation strategy. In this work we propose DroPPPP, a DoS prevention approach for SDN that operates in the data plane using the P4 programming language. We demonstrate through experiments in Mininet that lightweight processing of packets in the data plane with DroPPPP avoids significant overhead by reducing the traffic between switches while keeping the controller’s CPU usage at 0% and below 50% during spoofing and volumetric attacks.

Citation Formats
G. Simsek et al., “DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN,” 2020, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/35298.