Leveraging SDN for efficient anomaly detection and mitigation on legacy networks

Proceedings - 2014 3rd European Workshop on Software-Defined Networks, EWSDN 2014

Volumn , Issue , 2014, Pages 85-90

  Giotis, Kostas ^a   Androulidakis, Georgios ^a   Maglaris, Vasilis ^a  

^a NATIONAL TECHNICAL UNIVERSITY OF ATHENS NTUA   (Greece)

Author keywords

Anomaly detection; Attack mitigation; DDoS; OpenFlow; RTBH; SDN; SFlow; Software defined networking

Indexed keywords

DENIAL-OF-SERVICE ATTACK; NETWORK SECURITY; SOFTWARE DEFINED NETWORKING;

ATTACK MITIGATION; DDOS; OPENFLOW; RTBH; SFLOW;

ANOMALY DETECTION;

EID: 84921033120     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/EWSDN.2014.24     Document Type: Conference Paper

References (24)

1. V. Paxson, An Analysis of Using Reflectors for Distributed Denialof-Service Attacks, ACM SIGCOMM, Vol. 31 Issue 3, July 2001.
2. Cisco Systems, Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks-Document ID 13634, Available at http://www. cisco. com/c/en/us/support/docs/securityvpn/ kerberos/13634-newsflash. pdf
3. W. Kumari, D. McPherson, Remote Triggered Black Hole Filtering with Unicast Reverse Path Forwarding, RFC5635, August 2009
4. W. Zhao, H. Schulzrinne, E. Guttman, C. Bisdikian, W. Jerome, Configuring BGP to Block Denial-of-Service Attacks, RFC 3882, July 2004
5. Cisco Systems, Remotely Triggered Black Hole Filtering- Destination Based And Source Based, White Paper, 2005, Available at:http://www. cisco. com/web/about/security/intelligence /blackhole. pdf
6. S. Shin, et al. FRESCO: Modular composable security services for software-defined networks. In Proceedings of Network and Distributed Security Symposium, 2013.
7. K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris. 2014. Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput. Netw. 62 (April 2014), 122-136
8. Ying Zhang. 2013. An adaptive flow counting method for anomaly detection in SDN. In Proceedings of the ninth ACM conference on Emerging networking experiments and technologies(CoNEXT '13). ACM, New York, NY, USA, 25-30
9. N. McKeown, et al., OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, April 2008.
10. R. Braga, E. Mota, and A. Passito, Lightweight DDoS flooding attack detection using NOX/OpenFlow, in LCN '10 Proceedings of the 2010 IEEE 35th Conference on Local Computer, 2010
11. S. A. Mehdi, J. Khalid, and S. A. Khayam, Revisiting traffic anomaly detection using software defined networking. In RAID'11. 161-180, 2011
12. P. Phaal, sFlow Specification Version 5, July 2004
13. Ed. B. Claise, Cisco Systems NetFlow Services Export Version 9, RFC3954, October 2004
14. H. Liu, Y. Sun, M. S. Kim, A Scalable DDoS Detection Framework with Victim Pinpoint Capability, Journal of Communications, Vol 6, No 9 (2011), 660-670, Dec 2011
15. A. C. Gilbert, Y. Kotidis, S. Muthukrishnan, and M. J. Strauss, "Quicksand: Quick summary and analysis of network data," DIMACS, Tech. Rep. 2011-43, 2001
16. Y. Rekhter, T. Li, S. Hares, A Border Gateway Protocol 4 (BGP-4), RFC4271, January 2006
17. C. Kreibich, A. Warfield, J. Crowcraft, S. Hand, and I. Pratt, Using packet symmetry to curtail malicious tra-c. In Proceedings of the Fourth Workshop on Hot Topics in Networks (HotNets-IV), November 2005
18. C. Siaterlis & B. Maglaris,"Detecting DDoS Attacks with Passive Measurement based Heuristic," in Proc IEEE Symposium on Computer and Communication (ISCC), June 2004
19. Open Networking Foundation, OpenFlow switch specification version 1. 3. 0 (wired protocol 0x04), June 25, 2012
20. Pox website, Available at http://www. noxrepo. org/pox/about-pox
21. B. Plaff et al., Extending networking into the virtualization layer, in 8th ACM Workshop on Hot Topics in Networks (HotNets-VIII), New York City, 2009
22. Vyatta Core, http://www. vyatta. org/, Retrieved: April 2014
23. ExaBGP, Available at https://github. com/Exa-Networks/exabgp
24. The CAIDA UCSD "DDoS Attack 2007 Dataset", Available at http://www. caida. org/data/passive/ddos-20070804-dataset. xml