A Dynamic Defense Mechanism for SDN DoS Attacks Based on Network Resource Management Technology
Abstract
Software-defined networking (SDN) has quickly emerged as a new paradigm for communication network management and has greatly changed the traditional network architecture. It provides fine-grained network management by decoupling the control plane from the data plane. However, because the control plane is separated from the data plane, the controller becomes an easy target for DoS attacks. To address this problem, we conduct a comprehensive study of DoS attacks in SDN and propose MinDoS, a lightweight and effective DoS mitigation method. MinDoS consists mainly of two key modules: a simplified DoS detection module and a priority manager. MinDoS can divide flow requests into multiple buffer queues with different priorities according to the users’ trust values. To better protect the controller under DoS attacks, the SDN controller then schedules the processing of these flow requests using a dual polling mechanism. In addition, the design of MinDoS is combined with a dynamic controller assignment strategy so as to minimize the average response time of the control plane and improve the quality of service. Finally, we evaluate the performance of MinDoS in a single-controller experimental environment and a multi-controller experimental environment. The experimental results show that MinDoS defends effectively and that the designed system basically meets its design objective.