DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking
The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaus...
Main Authors: | Dongbin Wang, Yu Zhao, Hui Zhi, Dongzhe Wu, Weihan Zhuo, Yueming Lu, Xu Zhang |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2023-06-01 |
Series: | Sensors |
Subjects: | software-defined networking, denial of service, connection proxy |
Online Access: | https://www.mdpi.com/1424-8220/23/12/5426 |
_version_ | 1827735673847676928 |
---|---|
author | Dongbin Wang Yu Zhao Hui Zhi Dongzhe Wu Weihan Zhuo Yueming Lu Xu Zhang |
collection | DOAJ |
description | The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaust the resources of the control plane and overload the infrastructure of SDN networks. To mitigate TCP DoS attacks, DoSDefender is proposed as an efficient kernel-mode TCP DoS prevention framework in the data plane for SDN. It can prevent TCP DoS attacks from entering SDN by verifying the validity of the attempts to establish a TCP connection from the source, migrating the connection, and relaying the packets between the source and the destination in kernel space. DoSDefender conforms to the de facto standard SDN protocol, the OpenFlow policy, which requires no additional devices and no modifications in the control plane. Experimental results show that DoSDefender can effectively prevent TCP DoS attacks in low computing consumption while maintaining low connection delay and high packet forwarding throughput. |
first_indexed | 2024-03-11T01:58:04Z |
format | Article |
id | doaj.art-785f8d1b1b19456ea26bba917ca4c1fe |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-11T01:58:04Z |
publishDate | 2023-06-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
title | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
topic | software-defined networking denial of service connection proxy |
url | https://www.mdpi.com/1424-8220/23/12/5426 |