期刊
IEEE SYSTEMS JOURNAL
卷 14, 期 2, 页码 1933-1944出版社
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/JSYST.2019.2927223
关键词
Control systems; Protocols; Denial-of-service attack; Monitoring; Routing; Feature extraction; Computer crime; Denial-of-service (DoS) attacks; detection and mitigation system; DoS mitigation; software-defined networking (SDN)
类别
资金
- Higher Education Commission of Pakistan [PIN 315-7318-2EG3-116]
- National Center in Cyber Security, Pakistan, through the Critical Infrastructure Protection and Malware Analysis Lab, Pakistan Institute of Engineering and Applied Sciences
Software-defined networking (SDN) is becoming more and more popular due to its key features like scalability, flexibility, and monitoring. SDN simplifies the network management and enables innovations in the network architecture and protocols. However, this flexible architecture also makes it vulnerable to different types of attacks, such as flooding, spoofing, and denial-of-service (DoS). Among these attacks, the DoS attack has the most severe impact as it can overwhelm the major components of SDN to degrade its performance. In this paper, we propose a simple and lightweight detection and mitigation system (DAISY) to secure SDN from DoS attacks by blocking malicious traffic from the attacker, after analyzing the collected statistics. The proposed system specifically blocks malicious traffic rather than blocking the whole port or a host. In addition, it unblocks a port or a host when there is no more malicious traffic originating from it. We evaluate our proposed system by comparing it with other approaches, and the simulation results show increased performance of SDN with DAISY in terms of CPU usage, response time, control channel bandwidth, packet delivery ratio, and flow requests sent to the controller.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据