Mitigating the Threat of Slow DDoS Attacks on SDN Networks Using Rule Consolidation

  • Francisco de A. C. de Albuquerque Jr. UFPB
  • Iguatemi E. Fonseca UFPB

Abstract

This paper presents an approach to mitigating denial-of-service attacks that exploit the architecture of SDN networks, focusing on low-rate attacks on TCAM memory. An attack on the TCAM can make SDN switches unavailable, since their TCAM memory is completely filled with malicious rules originating from a botnet. To counter this type of attack, we propose using rule consolidation in SDN networks. This approach reduces TCAM memory usage by consolidating similar rules, which avoids excessive resource consumption and minimizes the impact of the Slow-TCAM attack.

Published
18/09/2023
ALBUQUERQUE JR., Francisco de A. C. de; FONSECA, Iguatemi E. Mitigando a Ameaça dos Ataques Slow DDoS a Redes SDN usando Consolidação de Regras. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 293-306. DOI: https://doi.org/10.5753/sbseg.2023.232808.