Mitigating the Threat of Slow DDoS Attacks on SDN Networks Using Rule Consolidation

  • Francisco de A. C. de Albuquerque Jr. UFPB
  • Iguatemi E. Fonseca UFPB

Abstract


This paper presents an approach to mitigating denial-of-service attacks that exploit the architecture of SDN networks, focusing on low-flow attacks on TCAM memory. The TCAM attack can render SDN switches unavailable, since their TCAM memory becomes completely occupied by malicious rules coming from a botnet. To counter this type of attack, we propose the use of rule consolidation in SDN networks. This approach reduces TCAM memory usage by consolidating similar rules, which avoids excessive resource consumption and minimizes the impact of the Slow-TCAM attack.

Published
2023-09-18
ALBUQUERQUE JR., Francisco de A. C. de; FONSECA, Iguatemi E. Mitigando a Ameaça dos Ataques Slow DDoS a Redes SDN usando Consolidação de Regras. In: BRAZILIAN SYMPOSIUM ON INFORMATION AND COMPUTATIONAL SYSTEMS SECURITY (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 293-306. DOI: https://doi.org/10.5753/sbseg.2023.232808.