DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN

2020-01-01
Simsek, Goksel
Bostan, Hakan
Sarica, Alper Kaan
Sarikaya, Egemen
Keleş, Ahmet
Angın, Pelin
Alemdar, Hande
Onur, Ertan
Software-Defined Networking (SDN) has proven itself a useful technology for establishing and managing configurable, dynamic networks with the rapid deployment of services in the past decade. Despite these advantages, SDN's functionality relies heavily on the controller, with a much less capable data plane, which creates a single point of failure and leaves the network susceptible to denial-of-service (DoS) attacks that mainly target the controller in order to affect the operation of the whole network. An effective approach for mitigating DoS attacks in SDN requires identifying and stopping attacks as close to their source as possible, which requires involving the data plane in the mitigation strategy. In this work we propose DroPPPP, a DoS prevention approach for SDN that operates in the data plane using the P4 programming language. We demonstrate through experiments in Mininet that lightweight processing of packets in the data plane with DroPPPP negates significant overheads by reducing the traffic between switches while keeping the controller’s CPU usage at 0% and below 50% during spoofing and volumetric attacks.

Citation Formats
G. Simsek et al., “DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN,” 2020, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/35298.