Counteracting UDP Flooding Attacks in SDN
Software-defined networking (SDN) is a new networking architecture with a centralized control mechanism. SDN has proven to be successful in improving not only the network performance, but also security. However, centralized control in the SDN architecture is associated with new security vulnerabilit...
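Main Authors: | Yung-Hao Tung, Hung-Chuan Wei, Yen-Wu Ti, Yao-Tung Tsou, Neetesh Saxena, Chia-Mu Yu |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2020-08-01 |
Series: | Electronics |
Subjects: | software-defined networking (SDN); UDP flooding attack; network security |
Online Access: | https://www.mdpi.com/2079-9292/9/8/1239 |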
_version_ | 1797560622773174272 |
---|---|
author | Yung-Hao Tung, Hung-Chuan Wei, Yen-Wu Ti, Yao-Tung Tsou, Neetesh Saxena, Chia-Mu Yu |
author_sort | Yung-Hao Tung |
collection | DOAJ |
description | Software-defined networking (SDN) is a new networking architecture with a centralized control mechanism. SDN has proven to be successful in improving not only the network performance, but also security. However, centralized control in the SDN architecture is associated with new security vulnerabilities. In particular, user-datagram-protocol (UDP) flooding attacks can be easily launched and cause serious packet-transmission delays, controller-performance loss, and even network shutdown. In response to applications in the Internet of Things (IoT) field, this study considers UDP flooding attacks in SDN and proposes two lightweight countermeasures. The first method sometimes sacrifices address-resolution-protocol (ARP) requests to achieve a high level of security. In the second method, although packets must sometimes be sacrificed when undergoing an attack before starting to defend, the detection of the network state can prevent normal packets from being sacrificed. When blocking a network attack, attacks from the affected port are directly blocked without affecting normal ports. The performance and security of the proposed methods were confirmed by means of extensive experiments. Compared with the situation where no defense is implemented, or similar defense methods are implemented, after simulating a UDP flooding attack, our proposed method performed better in terms of the available bandwidth, central-processing-unit (CPU) consumption, and network delay time. |
first_indexed | 2024-03-10T18:02:17Z |
format | Article |
id | doaj.art-7dc5412dac5b4219805ffd59ff84b81e |
institution | Directory Open Access Journal |
issn | 2079-9292 |
language | English |
last_indexed | 2024-03-10T18:02:17Z |
publishDate | 2020-08-01 |
publisher | MDPI AG |
record_format | Article |
series | Electronics |
spelling | doaj.art-7dc5412dac5b4219805ffd59ff84b81e; 2023-11-20T08:46:03Z; eng; MDPI AG; Electronics; 2079-9292; 2020-08-01; 9; 8; 1239; 10.3390/electronics9081239; Counteracting UDP Flooding Attacks in SDN; Yung-Hao Tung (Department of Computer Science and Engineering, Yuan Ze University, Taoyuan 32003, Taiwan); Hung-Chuan Wei (Department of Computer Science and Engineering, Yuan Ze University, Taoyuan 32003, Taiwan); Yen-Wu Ti (College of Artificial Intelligence, Yango University, Fuzhou 350015, China); Yao-Tung Tsou (Department of Communications Engineering, Feng Chia University, Taichung 40724, Taiwan); Neetesh Saxena (School of Computer Science and Informatics, Cardiff University, Wales CF10 3AT, UK); Chia-Mu Yu (Department of Information Management and Finance, National Chiao Tung University, Hsinchu 30010, Taiwan); https://www.mdpi.com/2079-9292/9/8/1239; software-defined networking (SDN); UDP flooding attack; network security |
title | Counteracting UDP Flooding Attacks in SDN |
topic | software-defined networking (SDN); UDP flooding attack; network security |
url | https://www.mdpi.com/2079-9292/9/8/1239 |