Towards autonomic DDoS mitigation using Software Defined Networking


1 RST - Département Réseaux et Services de Télécommunications
2 SAMOVAR - Services répartis, Architectures, MOdélisation, Validation, Administration des Réseaux
3 TL - Telecom Lille 1 Institut Mines-Télécom - Télécom Lille1

Abstract: Distributed Denial of Service (DDoS) attacks have remained one of the most destructive attacks on the Internet for over two decades. Despite tremendous efforts on the design of DDoS defense strategies, few of them have been considered for widespread deployment due to strong design assumptions on the Internet infrastructure, prohibitive operational costs and complexity. Recently, the emergence of Software Defined Networking (SDN) has offered a solution to reduce network management complexity. It is also believed to facilitate security management thanks to its programmability. To explore the advantages of using SDN to mitigate DDoS attacks, we propose a distributed collaborative framework that allows customers to request DDoS mitigation service from ISPs. Upon request, ISPs can change the label of the anomalous traffic and redirect it to security middleboxes, while attack detection and analysis modules are deployed at the customer side, avoiding privacy leakage and other legal concerns. Our preliminary analysis demonstrates that SDN has promising potential to enable autonomic mitigation of DDoS attacks, as well as other large-scale attacks.

Keywords: Network virtualisation, Security

Authors: Rishikesh Sahay, Gregory Blanc, Zonghua Zhang, Hervé Debar


