SDN-based network security functions for effective DDoS attack mitigation

Publication Type: Conference Paper
Year of Publication: 2017
Authors: Hyun, D., Kim, J., Hong, D., Jeong, J. P.
Conference Name: 2017 International Conference on Information and Communication Technology Convergence (ICTC)
ISBN Number: 978-1-5090-4032-2
Keywords: Communication networks, composability, Computer crime, Data models, DDoS attack mitigation, distributed denial of service, Human Behavior, Metrics, Netconf & YANG, Network Function Virtual, Protocols, pubcrawl, Resiliency, Servers, Software, Software Defined Network, Suricata

Distributed Denial of Service (DDoS) attacks have been bringing serious security concerns to banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of Internet of Things (IoT) raises new concerns on the smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on an SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection of suspicious packets, we developed a threshold-based method that provides a client with an efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on the NETCONF protocol [1] and the YANG Data Model [2].

Citation Key: hyun_sdn-based_2017