OPERETTA: An OPEnflow-based REmedy to mitigate TCP SYNFLOOD Attacks against web servers

Computer Networks

Volumn 92, Issue , 2015, Pages 89-100

  Fichera, Silvia ^a   Galluccio, Laura ^a   Grancagnolo, Salvatore C ^a   Morabito, Giacomo ^a   Palazzo, Sergio ^a  

^a UNIVERSITY OF CATANIA   (Italy)

Author keywords

DDoS; OpenFlow; SDN

Indexed keywords

CONTROLLERS; DENIAL-OF-SERVICE ATTACK; HETEROGENEOUS NETWORKS; INTRUSION DETECTION; NETWORK SECURITY; TRANSMISSION CONTROL PROTOCOL; WEB SERVICES; WORLD WIDE WEB;

CENTRALIZED CONTROLLERS; COMPLETE INFORMATION; DDOS; DISTRIBUTED DENIAL OF SERVICE ATTACK; INTRUSION DETECTION SCHEME; OPENFLOW; SDN; SOFTWARE-DEFINED NETWORKS;

INTERNET PROTOCOLS;

EID: 84944746412     PISSN: 13891286     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.comnet.2015.08.038     Document Type: Article

References (28)

1. B. Ziegler Hacker tangles panix web site Wall Street J. September 12, 1996
2. D. Moore, G. Voelker, and S. Savage Inferring internet denial of service activity Proceedings of USENIX Security Symposium 2001
3. J. Mirkovic, and P. Reiher A taxonomy of DDoS attack and DDoS defense mechanisms ACM SIGCOMM Comput. Commun. Rev. 34 2 April 2004
4. E. Damon, J. Dale, E. Laron, J. Mache, N. Land, and R. Weiss Hands-on denial of service lab exercises using SlowLoris and RUDY Proceedings of INFOCSECD 2012
5. M. Bogdanoski, T. Shuminoski, and A. Risteski Analysis of the SYN Flood DoS Attack Int. J. Comput. Netw. Inf. Secur. 2013
6. Radware, security report, global application & network, 2013, http://www.atsweb.it/fileadmin/ATSWeb/downloads/Radware-2013-ERT-Report.pdf (accessed 2015).
7. Cisco, defining strategies to protect against TCP SYN denial of service attacks, 2006, http://www.cisco.com/en/US/tech/tk828/technologies-tech-note09186a00800f67d5.shtml (accessed 2015).
8. W.M. Eddy Defenses against TCP SYN flooding attacks Internet Protoc. J. 2006
9. J. Lemon Resisting SYN flood DoS attacks with a SYN cache Proceedings of the BSD Conference 2002
10. P. Ferguson, D. Senie, 2000, RFC 2827 Network ingress filtering: defeating denial of service attacks which employ IP source address spoofing, http://www.ietf.org/rfc/rfc2827.txt (accessed 2015).
11. IETF RFC 2960 Stream Control Transmission Protocol.
12. http://www.microsoft.com/en-us/server-cloud/solutions/software-defined-networking.aspx.
13. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner OpenFlow: enabling innovation in campus networks ACM SIGCOMM Comput. Commun. Rev. 2008
14. Open Networking Foundation - ONF White Paper, Software-Defined Networking: the new norm for networks, 2012, https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf (accessed 2015).
15. OpenFlow Switch Specification Version 1.1.0 Implemented (Wire Protocol 0x02), 2011, http://archive.openflow.org/documents/openflow-spec-v1.1.0.pdf (accessed 2015).
16. A. Passito, R. Braga, and E. Mota A lightweight DDoS flooding attack detection using NOX/OpenFlow Proceedings of 35th Annual IEEE Conference on Local Computer Networks 2010
17. S. Shin, V. Yegneswaran, P. Porras, and G. Gu AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks Proceedings of ACM CCS 2013
18. Radware & NEC Corporation of America Whitepaper, Denial-of-Service (DoS) Secured Virtual Tenant Networks (VTN) Value-added DoS protection as a service for Software Defined Network (SDN), 2012, http://www.necam.com/docs/?id=0078a286-d99d-4d2c-ab54-d18814b59dd7 (accessed 2015).
19. R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee, 1999, RFC 2616, Hypertext Transfer Protocol - HTTP/1.1, https://www.ietf.org/rfc/rfc2616.txt (accessed 2015).
20. POX Wiki, https://openflow.stanford.edu/display/ONL/POX+Wiki (accessed 2015).
21. Scapy Documentation, http://www.secdev.org/projects/scapy/doc/index.html (accessed 2015).
22. Iperf Documentation, http://iperf.fr/ (accessed 2015).
23. Simple HTTP Server Documentation, http://docs.python.org/2/library/simplehttpserver.html (accessed 2015).
24. B. Lantz, B. Heller, and N. McKeon A network in a laptop: rapid prototyping for software-defined networks Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks 2010
25. A. Tootoonchian, and Y. Ganjali HyperFlow: a distributed Control Plane for OpenFlow Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking 2010
26. H. Wang, D. Zhang, and K.G. Shin Detecting SYN flooding attacks Proceedings of IEEE Infocom 2002
27. A. Hussain, J. Heidemann, and C. Papadopoulos A framework for classifying denial of service attacks Proceedings of ACM SIGCOMM 2003
28. T. Peng, C. Leckie, and K. Ramamohanara Survey of network-based defense mechanisms countering the DoS and DDoS problems CM Commun. Surv. 39 1 2007