Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions
Tài liệu tham khảo
2019
2020
Feily, 2009, A survey of botnet and botnet detection, 268
M. Abu Rajab, J. Zarfoss, F. Monrose, A. Terzis, A multifaceted approach to understanding the botnet phenomenon, in: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, 2006, pp. 41–52.
B. Saha, A. Gairola, Botnet: an overview, CERT-In White Paper, CIWP-2005-05, Vol. 240, 2005.
Bawany, 2017, DDoS attack detection and mitigation using SDN: methods, practices, and solutions, Arab. J. Sci. Eng., 42, 425, 10.1007/s13369-017-2414-5
Joëlle, 2018, Strategies for detecting and mitigating DDoS attacks in SDN: A survey, J. Intell. Fuzzy Systems, 35, 5913, 10.3233/JIFS-169833
Dong, 2019, A survey on distributed denial of service (DDoS) attacks in SDN and cloud computing environments, IEEE Access, 7, 80813, 10.1109/ACCESS.2019.2922196
Fajar, 2018, A survey paper of distributed denial-of-service attack in software defined networking (sdn), Int. J. Appl. Eng. Res., 13, 476
Xu, 2017, DDoS attack in software defined networks: a survey, ZTE Commun., 15
Kalkan, 2017, Defense mechanisms against DDoS attacks in SDN environment, IEEE Commun. Mag., 55, 175, 10.1109/MCOM.2017.1600970
Singh, 2020, New-flow based DDoS attacks in SDN: Taxonomy, rationales, and research challenges, Comput. Commun., 10.1016/j.comcom.2020.02.085
Douligeris, 2007
Mukherjee, 1994, Network intrusion detection, IEEE Netw., 8, 26, 10.1109/65.283931
Kreutz, 2014, Software-defined networking: A comprehensive survey, Proc. IEEE, 103, 14, 10.1109/JPROC.2014.2371999
Benson, 2009, Unraveling the complexity of network management, 335
Xia, 2014, A survey on software-defined networking, IEEE Commun. Surv. Tutor., 17, 27, 10.1109/COMST.2014.2330903
Pan, 2011, A survey of the research on future internet architectures, IEEE Commun. Mag., 49, 26, 10.1109/MCOM.2011.5936152
L. Popa, A. Ghodsi, I. Stoica, HTTP as the narrow waist of the future Internet, in: Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks, 2010, pp. 1–6.
Zhang, 2010, Named data networking (ndn) project, 158
Campbell, 1999, A survey of programmable networks, ACM SIGCOMM Comput. Commun. Rev., 29, 7, 10.1145/505733.505735
O.N. Fundation, Software-defined networking: The new norm for networks, ONF White Paper, Vol. 2, pp. 2–6.
Ahmad, 2015, Security in software defined networks: A survey, IEEE Commun. Surv. Tutor., 17, 2317, 10.1109/COMST.2015.2474118
S. Shin, G. Gu, Attacking software-defined networks: A first feasibility study, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 165–166.
Fonseca, 2012, A replication component for resilient OpenFlow-based networking, 933
Scott-Hayward, 2015, A survey of security in software defined networks, IEEE Commun. Surv. Tutor., 18, 623, 10.1109/COMST.2015.2453114
Ali, 2015, A survey of securing networks using software defined networking, IEEE Trans. Reliab., 64, 1086, 10.1109/TR.2015.2421391
Bhushan, 2019, Distributed denial of service (DDoS) attack mitigation in software defined network (SDN)-based cloud computing environment, J. Ambient Intell. Humaniz. Comput., 10, 1985, 10.1007/s12652-018-0800-9
Koponen, 2010, Onix: A distributed control platform for large-scale production networks, 1
2020
McKeown, 2008, OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Comput. Commun. Rev., 38, 69, 10.1145/1355734.1355746
2020
Lara, 2013, Network innovation using openflow: A survey, IEEE Commun. Surv. Tutor., 16, 493, 10.1109/SURV.2013.081313.00105
Nunes, 2014, A survey of software-defined networking: Past, present, and future of programmable networks, IEEE Commun. Surv. Tutor., 16, 1617, 10.1109/SURV.2014.012214.00180
Jarraya, 2014, A survey and a layered taxonomy of software-defined networking, IEEE Commun. Surv. Tutor., 16, 1955, 10.1109/COMST.2014.2320094
Presuhn, 2002
A. Ghodsi, S. Shenker, T. Koponen, A. Singla, B. Raghavan, J. Wilcox, Intelligent design enables architectural evolution, in: Proceedings of the 10th ACM Workshop on Hot Topics in Networks, 2011, pp. 1–6.
B. Raghavan, M. Casado, T. Koponen, S. Ratnasamy, A. Ghodsi, S. Shenker, Software-defined internet architecture: decoupling architecture from infrastructure, in: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, 2012, pp. 43–48.
Kim, 2013, Improving network management with software defined networking, IEEE Commun. Mag., 51, 114, 10.1109/MCOM.2013.6461195
Sherry, 2012
2019
H. Jamjoom, D. Williams, U. Sharma, Don’t call them middleboxes, call them middlepipes, in: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, 2014, pp. 19–24.
S. Shenker, M. Casado, T. Koponen, N. McKeown, et al. The future of networking, and the past of protocols, Open Networking Summit, Vol. 20, 2011, pp. 1–30.
Alkhatib, 2014
Scott-Hayward, 2013, SDN security: A survey, 1
Doria, 2010, Forwarding and control element separation (ForCES) protocol specification, RFC, 5810, 1
Tewari, 2018, Security, privacy and trust of different layers in Internet-of-Things (IoTs) framework, Future Gener. Comput. Syst.
H. Song, Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 127–132.
Ubale, 2020, Survey on DDoS attack techniques and solutions in software-defined network, 389
2020
2020
2020
2020
Khan, 2016, FML: A novel forensics management layer for software defined networks, 619
A. Voellmy, H. Kim, N. Feamster, Procera: a language for high-level reactive network control, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 43–48.
Anderson, 2014, NetKAT: Semantic foundations for networks, ACM SIGPLAN Not., 49, 113, 10.1145/2578855.2535862
Foster, 2011, Frenetic: A network programming language, ACM SIGPLAN Not., 46, 279, 10.1145/2034574.2034812
A. Tootoonchian, Y. Ganjali, Hyperflow: A distributed control plane for openflow, in: Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, Vol. 3, 2010.
2020
Uppal, 2010
Gude, 2008, NOX: towards an operating system for networks, ACM SIGCOMM Comput. Commun. Rev., 38, 105, 10.1145/1384609.1384625
Dhamecha, 2013, Sdn issues-a survey, Int. J. Comput. Appl., 73
Voellmy, 2011, Nettle: Taking the sting out of programming network routers, 235
Stallings, 2013, Software-defined networks and openflow, Internet Protocol J., 16, 2
Hu, 2014, A survey on software-defined network and openflow: From concept to implementation, IEEE Commun. Surv. Tutor., 16, 2181, 10.1109/COMST.2014.2326417
Manso, 2019, SDN-based intrusion detection system for early detection and mitigation of DDoS attacks, Information, 10, 106, 10.3390/info10030106
Zheng, 2018, Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis, IEEE Trans. Inf. Forensics Secur., 13, 1838, 10.1109/TIFS.2018.2805600
Xu, 2016, DDoS attack detection under SDN context, 1
Liu, 2003, Active security support for active networks, IEEE Trans. Syst. Man Cybern. C Appl. Rev., 33, 432, 10.1109/TSMCC.2003.818498
Shin, 2013, A framework for integrating security services into software-defined networks
X. Wen, Y. Chen, C. Hu, C. Shi, Y. Wang, Towards a secure controller platform for openflow applications, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 171–172.
Hartman, 2013
Xie, 2012
J. Naous, D. Erickson, G.A. Covington, G. Appenzeller, N. McKeown, Implementing an OpenFlow switch on the NetFPGA platform, in: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems, 2008, pp. 1–9.
S. Shin, V. Yegneswaran, P. Porras, G. Gu, Avant-guard: Scalable and vigilant switch flow management in software-defined networks, in: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 413–424.
Yao, 2013, On the cascading failures of multi-controllers in software defined networks, 1
1998
N.Z. Bawany, J.A. Shamsi, Application layer DDoS attack defense framework for smart city using SDN, in: The Third International Conference on Computer Science, Computer Engineering, and Social Media, CSCESM2016, 2016, p. 1.
Jajodia, 2014
Bu, 2011, Structural results for combined continuous user authentication and intrusion detection in high security mobile ad-hoc networks, IEEE Trans. Wireless Commun., 10, 3064, 10.1109/TWC.2011.071411.102123
Sezer, 2013, Are we ready for SDN? Implementation challenges for software-defined networks, IEEE Commun. Mag., 51, 36, 10.1109/MCOM.2013.6553676
A. Wang, Y. Guo, F. Hao, T. Lakshman, S. Chen, Scotch: Elastically scaling up sdn control-plane using vswitch based overlay, in: Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies, 2014, pp. 403–414.
Yan, 2015, Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges, IEEE Commun. Surv. Tutor., 18, 602, 10.1109/COMST.2015.2487361
Ubale, 2018, Taxonomy of DDoS attacks in software-defined networking environment, 278
Wang, 2015, DDoS attack protection in the era of cloud computing and software-defined networking, Comput. Netw., 81, 308, 10.1016/j.comnet.2015.02.026
D. Kreutz, F.M. Ramos, P. Verissimo, Towards secure and dependable software-defined networks, in: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013, pp. 55–60.
Schehlmann, 2014, Blessing or curse? Revisiting security aspects of software-defined networking, 382
2015
Spitznagel, 2003, Packet classification using extended TCAMs, 120
Parashar, 2019, A survey of attacks and their mitigations in software defined networks, 1
Akhunzada, 2015, Securing software defined networks: taxonomy, requirements, and open issues, IEEE Commun. Mag., 53, 36, 10.1109/MCOM.2015.7081073
Dover, 2013
Kandoi, 2015, Denial-of-service attacks in OpenFlow SDN networks, 1322
Zhang, 2016, On denial of service attacks in software defined networks, IEEE Netw., 30, 28, 10.1109/MNET.2016.1600109NM
Shannon, 1948, A mathematical theory of communication, Bell Syst. Tech. J., 27, 379, 10.1002/j.1538-7305.1948.tb01338.x
Bennett, 1998, Information distance, IEEE Trans. Inform. Theory, 44, 1407, 10.1109/18.681318
Giotis, 2014, Combining openFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments, Comput. Netw., 62, 122, 10.1016/j.bjp.2013.10.014
Wang, 2015, An entropy-based distributed DDoS detection mechanism in software-defined networking, 310
Mousavi, 2015, Early detection of DDoS attacks against SDN controllers, 77
Boite, 2017, Statesec: Stateful monitoring for DDoS protection in software defined networks, 1
Tsai, 2017, Defending cloud computing environment against the challenge of DDoS attacks based on software defined network, 285
Kalkan, 2018, JESS: Joint entropy-based DDoS defense scheme in SDN, IEEE J. Sel. Areas Commun., 36, 2358, 10.1109/JSAC.2018.2869997
Sahoo, 2018, An early detection of low rate DDoS attack to SDN based data center networks using information distance metrics, Future Gener. Comput. Syst., 89, 685, 10.1016/j.future.2018.07.017
Sahoo, 2018, Detection of high rate DDoS attack from flash events using information metrics in software defined networks, 421
Jiang, 2016, An entropy-based DDoS defense mechanism in software defined networks, 169
Hong, 2019, Dynamic threshold for DDoS mitigation in SDN environment, 1
Bawany, 2019, SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks, J. Netw. Comput. Appl., 145, 10.1016/j.jnca.2019.06.001
Ahalawat, 2019, Entropy based DDoS detection and mitigation in openflow enabled SDN, 1
M. Xuanyuan, V. Ramsurrun, A. Seeam, Detection and mitigation of DDoS attacks using conditional entropy in software-defined networking.
Cui, 2019, DDoS detection and defense mechanism based on cognitive-inspired computing in SDN, Future Gener. Comput. Syst., 97, 275, 10.1016/j.future.2019.02.037
Li, 2020, Early detection of DDoS based on phi-entropy in SDN networks, 731
Pitropakis, 2019, A taxonomy and survey of attacks against machine learning, Comp. Sci. Rev., 34
Bindra, 2019, Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset, Autom. Control Comput. Sci., 53, 419, 10.3103/S0146411619050043
Niyaz, 2016
Hurley, 2016, HMM-based intrusion detection system for software defined networking, 617
A. Alshamrani, A. Chowdhary, S. Pisharody, D. Lu, D. Huang, A defense system for defeating DDoS attacks in SDN based networks, in: Proceedings of the 15th ACM International Symposium on Mobility Management and Wireless Access, 2017, pp. 83–92.
Hu, 2017, FADM: DDoS flooding attack detection and mitigation system in software-defined networking, 1
A.B. Dehkordi, M. Soltanaghaie, F.Z. Boroujeni, A New DDoS Detection Method in Software Defined Network.
Li, 2018, Ai-based two-stage intrusion detection for software defined iot networks, IEEE Internet Things J., 6, 2093, 10.1109/JIOT.2018.2883344
Guozi, 2018, DDoS attacks and flash event detection based on flow characteristics in SDN, 1
Deepa, 2019, Design of ensemble learning methods for DDoS detection in SDN environment, 1
Phan, 2019, Efficient distributed denial-of-service attack defense in SDN-based cloud, IEEE Access, 7, 18701, 10.1109/ACCESS.2019.2896783
Myint Oo, 2019, Advanced support vector machine-(ASVM-) based detection for distributed denial of service (DDoS) attack on software defined networking (SDN), J. Comput. Netw. Commun., 2019
Li, 2010, DDoS attack detection based on neural network, 196
Braga, 2010, Lightweight DDoS flooding attack detection using NOX/OpenFlow, 408
Cui, 2016, SD-Anti-DDoS: Fast and efficient DDoS defense in software-defined networks, J. Netw. Comput. Appl., 68, 65, 10.1016/j.jnca.2016.04.005
Cui, 2018, TDDAD: Time-based detection and defense scheme against DDoS attack on SDN controller, 649
Li, 2018, Detection and defense of DDoS attack–based on deep learning in OpenFlow-based SDN, Int. J. Commun. Syst., 31, 10.1002/dac.3497
Nam, 2018, Self-organizing map-based approaches in DDoS flooding detection using SDN, 249
Novaes, 2020, Long short-term memory and fuzzy logic for anomaly detection and mitigation in software-defined network environment, IEEE Access, 8, 83765, 10.1109/ACCESS.2020.2992044
Dotcenko, 2014, A fuzzy logic-based information security management for software-defined networks, 167
Chin, 2015, Selective packet inspection to detect DoS flooding using software defined networking (SDN), 95
Xiao, 2016, An efficient DDoS detection with bloom filter in SDN, 1
AlEroud, 2017, Identifying cyber-attacks on software defined networks: An inference-based intrusion detection approach, J. Netw. Comput. Appl., 80, 152, 10.1016/j.jnca.2016.12.024
Conti, 2017, A comprehensive and effective mechanism for DDoS detection in SDN, 1
Kalkan, 2017, Sdnscore: A statistical defense mechanism against DDoS attacks in sdn environment, 669
Wang, 2018, Detecting and mitigating target link-flooding attacks using sdn, IEEE Trans. Dependable Secure Comput., 16, 944, 10.1109/TDSC.2018.2822275
Wang, 2015, Floodguard: A dos attack prevention extension in software-defined networks, 239
Piedrahita, 2015, Flowfence: a denial of service defense system for software defined networking, 1
Wang, 2015, SDSNM: a software-defined security networking mechanism to defend against DDoS attacks, 115
Yuan, 2016, Defending against flow table overloading attack in software-defined networks, IEEE Trans. Serv. Comput., 12, 231, 10.1109/TSC.2016.2602861
Dridi, 2016, SDN-guard: DoS attacks mitigation in SDN networks, 212
Phan, 2016, OpenFlowSIA: An optimized protection scheme for software-defined networks from flooding attacks, 13
Sahay, 2017, ArOMA: An SDN based autonomic DDoS mitigation framework, Comput. Secur., 70, 482, 10.1016/j.cose.2017.07.008
Hameed, 2018, SDN based collaborative scheme for mitigation of DDoS attacks, Future Internet, 10, 23, 10.3390/fi10030023
Conti, 2019, Lightweight solutions to counter DDoS attacks in software defined networking, Wirel. Netw., 25, 2751, 10.1007/s11276-019-01991-y
Karmakar, 2019, Mitigating attacks in software defined networks, Cluster Comput., 22, 1143, 10.1007/s10586-018-02900-2
Wang, 2019, SGS: Safe-guard scheme for protecting control plane against DDoS attacks in software-defined networking, IEEE Access, 7, 34699, 10.1109/ACCESS.2019.2895092
Da Silva, 2015, Identification and selection of flow features for accurate traffic classification in SDN, 134
Agarwal, 2013, Traffic engineering in software defined networks, 2211
C.E. Rothenberg, M.R. Nascimento, M.R. Salvador, C.N.A. Corrêa, S. Cunha de Lucena, R. Raszuk, Revisiting routing control platforms with the eyes and muscles of software-defined networking, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 13–18.
Xie, 2018, A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges, IEEE Commun. Surv. Tutor., 21, 393, 10.1109/COMST.2018.2866942
Vissicchio, 2014, Opportunities and research challenges of hybrid software defined networks, ACM SIGCOMM Comput. Commun. Rev., 44, 70, 10.1145/2602204.2602216
J. McCauley, A. Panda, M. Casado, T. Koponen, S. Shenker, Extending SDN to large-scale networks, Open Networking Summit, 2013, pp. 1–2.
S. Hassas Yeganeh, Y. Ganjali, Kandoo: a framework for efficient and scalable offloading of control applications, in: Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012, pp. 19–24.
Li, 2016, A survey on openFlow-based software defined networks: Security challenges and countermeasures, J. Netw. Comput. Appl., 68, 126, 10.1016/j.jnca.2016.04.011
Bhatia, 2011, Parametric differences between a real-world distributed denial-of-service attack and a flash event, 210
Behal, 2017, Characterizing DDoS attacks and flash events: Review, research gaps and future directions, Comp. Sci. Rev., 25, 101, 10.1016/j.cosrev.2017.07.003
Floyd, 2001, Difficulties in simulating the Internet, IEEE/ACM Trans. Netw., 9, 392, 10.1109/90.944338
Yao, 2014, Evaluating the controller capacity in software defined networking, 1
Wang, 2016, An efficient flow control approach for SDN-based network threat detection and migration using support vector machine, 56