We found a match
Your institution may have rights to this item. Sign in to continue.
- Title
An OpenFlow User-Switch Remapping Approach for DDoS Defense.
- Authors
Qiang Wei; Zehui Wu; Kalei Ren; Qingxian Wang
- Abstract
DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.
- Subjects
OPENFLOW (Computer network protocol); INTERNET users; DENIAL of service attacks; MALWARE; GREEDY algorithms
- Publication
KSII Transactions on Internet & Information Systems, 2016, Vol 10, Issue 9, p4529
- ISSN
1976-7277
- Publication type
Article
- DOI
10.3837/tiis.2016.09.027