The limitations of network resource and the dispersion of network management are the two major difficulties for traditional networks to address the Distributed Denial of Service (DDoS) attacks. However, current defense methods are static and hysteresis, which are unable to locate the attackers accurately. Therefore, a dynamic defense using the two pivotal features, centralized control and dynamic management, of Software Defined Networks (SDN) is proposed. An OpenFlow-based switch shuffling model is built which employs greedy algorithm to remap user-switch link dynamically. After several shuffling, attacker could be differentiated from legitimate users and provide the latter with low latency uninterrupted services. The proposed approach is implemented in Ryu, the open source SDN controller, and the prototype is tested in a real SDN. The results of performance test show that with this approach attackers in limited times of shuffling can be isolated and the effects of DDoS attacks on legal flows can be reduced. The outcomes of defense ability test demonstrate that the efficiency of the proposed dynamic approach has nothing to do with the size of attack flow, but is only related to the number of attackers in the ring topology structure which is composed of a single controller.
PRAS A, SANTANNA J, and STEINBERGER J. DDoS 3.0-How Terrorists Bring Down the Internet[M]. New York: Springer, 2016: 1-4. doi: 10.1007/978-3-319-31559-1_1.
[2]
YADAV V K, TRIVEDI C, and MEHTRE M. DDA: an approach to handle DDoS (Ping Flood) attack[C]. International Conference on ICT for Sustainable Development, Singapore, 2016: 11-23. doi: rg/10.1007/978- 981-10-0129-1_2.
[3]
NAGPAL B, SHARMA P, and CHAUHAN N. DDoS tools: classification, analysis and comparison[C]. IEEE International Conference on Computing for Sustainable Global Development, New Delhi, India, 2015: 342-346.
[4]
LIU Xia, YANG Xin, and XIA Yu. Netfence: preventing internet denial of service from inside out[C]. ACM Sigcomm Computer Communication Review, New York, NY, USA, 2010: 255-266. doi: 10.1145/1851182.1851214.
[5]
BRAGA R, MOTA E, and PASSITO A. Lightweight DDoS flooding attack detection using NOX/OpenFlow[C]. International Conference on Local Computer Networks, Washington, DC, USA, 2010: 408-415. doi: 10.1109/lcn. 2010.5735752.
[6]
YEGANEH S and CANJALI Y. Kandoo: a framework for efficient and scalable offloading of control applications[C]. ACM Workshop on Hot Topics in Software Defined Networks, Helsinki, Finland, 2012: 19-24. doi: 10.1145/ 2342441. 2342446.
[7]
SHIN S and PORRAS P. AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks[C]. International Conference on Computer and Communications Security. Berlin, Germany, 2013: 413-424. doi: 10.1145 /2508859.2516684.
[8]
LIM S, HA J, KIM H, et al. A SDN-oriented DDoS blocking scheme for botnet-based attacks[C]. International Conference on Ubiquitous and Future Networks, Shanghai, China, 2014: 63-68. doi: 10.1109/icufn.2014.6876752.
[9]
JOHNSON N and KOTZ S. Urn models and their applications: an approach to modern discrete probability theory[J]. Journal of International Statistical Review, 1978, 20(4): 104-119. doi: 10.2307/3617688.
[10]
EGER S. Stirling’s approximation for central extended binomial coefficients[J]. Journal of American Mathematica, 2014, 121(4): 344-349. doi: 10.4169/amer.math.monthly.121. 04.344.
[11]
MATSUMOTO M and NISHIMURA T. Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator[J], Journal of Model, 1998, 8(1): 3-30. doi: 10.1145/272991.272995.