Flooding DDoS mitigation and traffic management with software defined networking

Aapo Kalliola, Kiryong Lee, Heejo Lee, Tuomas Aura

Research output: Chapter in Book/Report/Conference proceedingConference contribution

28 Citations (Scopus)

Abstract

Mitigating distributed denial-of-service attacks can be a complex task due to the wide range of attack types, attacker adaptation, and defender constraints. We propose a defense mechanism which is largely automated and can be implemented on current software defined networking (SDN)-enabled networks. Our mechanism combines normal traffic learning, external blacklist information, and elastic capacity invocation in order to provide effective load control, filtering and service elasticity during an attack. We implement the mechanism and analyze its performance on a physical SDN testbed using a comprehensive set of real-life normal traffic traces and synthetic attack traces. The results indicate that the mechanism is effective in maintaining roughly 50% to 80% service levels even when hit by an overwhelming attack.

Original languageEnglish
Title of host publication2015 IEEE 4th International Conference on Cloud Networking, CloudNet 2015
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages248-254
Number of pages7
ISBN (Print)9781467395014
DOIs
Publication statusPublished - 2015 Nov 20
Event4th IEEE International Conference on Cloud Networking, CloudNet 2015 - Falls, Canada
Duration: 2015 Oct 52015 Oct 7

Other

Other4th IEEE International Conference on Cloud Networking, CloudNet 2015
CountryCanada
CityFalls
Period15/10/515/10/7

ASJC Scopus subject areas

  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Flooding DDoS mitigation and traffic management with software defined networking'. Together they form a unique fingerprint.

  • Cite this

    Kalliola, A., Lee, K., Lee, H., & Aura, T. (2015). Flooding DDoS mitigation and traffic management with software defined networking. In 2015 IEEE 4th International Conference on Cloud Networking, CloudNet 2015 (pp. 248-254). [7335317] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CloudNet.2015.7335317