DDoS Attack Mitigation in Internet of Things Using Software Defined Networking

Title: DDoS Attack Mitigation in Internet of Things Using Software Defined Networking
Publication Type: Conference Paper
Year of Publication: 2017
Authors: Ahmed, M. E., Kim, H.
Conference Name: 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService)
Keywords: ADS, anomaly detection algorithm, anomaly detection systems, composability, Computer crime, computer network security, core networks, DDoS Attack, DDoS attack mitigation, Human Behavior, Internet of Things, IoT systems, Metrics, Monitoring, Network security, OpenFlow, pubcrawl, Real-time Systems, Resiliency, Routing, sampling-based anomaly detection, SDN, Software, software defined networking, Switches, telecommunication traffic

Securing Internet of Things (IoT) systems is a challenge because of their multiple points of vulnerability. A spate of recent hacks and security breaches has unveiled glaring vulnerabilities in the IoT. Due to the computational and memory requirement constraints associated with anomaly detection algorithms in core networks, commercial in-line (part of the direct line of communication) Anomaly Detection Systems (ADSs) rely on sampling-based anomaly detection approaches to achieve line rates and truly-inline anomaly detection accuracy in real-time. However, packet sampling is inherently a lossy process which might provide an incomplete and biased approximation of the underlying traffic patterns. Moreover, commercial routers use proprietary software, making them closed to manipulation from the outside. As a result, detecting malicious packets on the given network path is one of the most challenging problems in the field of network security. We argue that the advent of Software Defined Networking (SDN) provides a unique opportunity to effectively detect and mitigate DDoS attacks. Unlike sampling-based approaches for anomaly detection and the limitation of proprietary software at routers, we use the SDN infrastructure to relax the sampling-based ADS constraints and collect traffic flow statistics which are maintained at each SDN-enabled switch to achieve high detection accuracy. In order to implement our idea, we discuss how to mitigate DDoS attacks using the features of SDN infrastructure.

Citation Key: ahmed_ddos_2017