An Inter-Domain Attack Mitigating Solution

Online services on the Internet are increasing day by day, and the number of cyber-attacks is rising rapidly in parallel. These attacks are not always about data theft; denial-of-service (DoS) attacks can also cause severe damage. The Intrusion Prevention System products that many organizations deploy at the border of their enterprise networks are not strong enough to protect against DoS attacks. The typical way to mitigate such attacks is to get support from a service provider. However, a service provider only provides solutions for traffic originating from its own domain. If the source of the attack is in another ISP's domain, that ISP can be informed via phone or e-mail, and the source of the attack is then blocked by the manual intervention of the service provider whose domain hosts it. Border Gateway Protocol (BGP) based solutions are also available for automating a blocking system, but not all enterprise networks support BGP. In this research, we have developed a centralized automation solution for software-defined network (SDN) environments that is capable of preventing cyber-attacks at the source of the attack. This solution does not require any BGP support. Non-SDN environments can also use this attack mitigation and notification system. In the long run, we may use this system to create a national protection shield to mitigate cyber-attacks.
