Resource investment for DDoS attack resistant SDN: a practical assessment

Yuan, B; Zhang, F; Wan, J; Zhao, H; Yu, S; Zou, D; Hua, Q; Jin, H

Resource investment for DDoS attack resistant SDN: a practical assessment

Yuan, B Zhang, F Wan, J Zhao, H Yu, S

Zou, D Hua, Q Jin, H

Permalink

Publisher:: Springer Nature
Publication Type:: Journal Article
Citation:: Science China Information Sciences, 2023, 66, (7), pp. 172103
Issue Date:: 2023-07-01

Closed Access

	Filename	Description	Size
	s11432-022-3593-7.pdf	Published version	774.92 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Yuan, B
dc.contributor.author	Zhang, F
dc.contributor.author	Wan, J
dc.contributor.author	Zhao, H
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.contributor.author	Zou, D
dc.contributor.author	Hua, Q
dc.contributor.author	Jin, H
dc.date.accessioned	2024-02-29T04:15:01Z
dc.date.available	2024-02-29T04:15:01Z
dc.date.issued	2023-07-01
dc.identifier.citation	Science China Information Sciences, 2023, 66, (7), pp. 172103
dc.identifier.issn	1674-733X
dc.identifier.issn	1869-1919
dc.identifier.uri	http://hdl.handle.net/10453/175964
dc.description.abstract	Software-defined networks (SDNs) present a novel network architecture that is widely used in various datacenters. However, SDNs also suffer from many types of security threats, among which a distributed denial of service (DDoS) attack, which aims to drain the resources of SDN switches and controllers, is one of the most common. Once the switch or controller is damaged, the network services can be affected. Many defense schemes against DDoS attacks have been proposed from the perspective of attack detection; however, such defense schemes are known to suffer from a time consuming and unpromising accuracy, which could result in an unavailable network service before specific countermeasures are taken. To address this issue through a systematic investigation, we propose an elaborate resource-management mechanism against DDoS attacks in an SDN. Specifically, by considering the SDN topology, we leverage the M/M/c queuing model to measure the resistance of an SDN to DDoS attacks. Network administrators can therefore invest a reasonable number of resources into SDN switches and SDN controllers to defend against DDoS attacks while guaranteeing the quality of service (QoS). Comprehensive analyses and empirical data-based experiments demonstrate the effectiveness of the proposed approach.
dc.language	en
dc.publisher	Springer Nature
dc.relation.ispartof	Science China Information Sciences
dc.relation.isbasedon	10.1007/s11432-022-3593-7
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	0804 Data Format, 0806 Information Systems, 0899 Other Information and Computing Sciences
dc.subject.classification	Software Engineering
dc.subject.classification	4006 Communications engineering
dc.subject.classification	4007 Control engineering, mechatronics and robotics
dc.subject.classification	4009 Electronics, sensors and digital hardware
dc.title	Resource investment for DDoS attack resistant SDN: a practical assessment
dc.type	Journal Article
utslib.citation.volume	66
utslib.for	0804 Data Format
utslib.for	0806 Information Systems
utslib.for	0899 Other Information and Computing Sciences
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
utslib.copyright.status	closed_access	*
dc.date.updated	2024-02-29T04:15:00Z
pubs.issue	7
pubs.publication-status	Published
pubs.volume	66
utslib.citation.issue	7

Abstract:

Software-defined networks (SDNs) present a novel network architecture that is widely used in various datacenters. However, SDNs also suffer from many types of security threats, among which a distributed denial of service (DDoS) attack, which aims to drain the resources of SDN switches and controllers, is one of the most common. Once the switch or controller is damaged, the network services can be affected. Many defense schemes against DDoS attacks have been proposed from the perspective of attack detection; however, such defense schemes are known to suffer from a time consuming and unpromising accuracy, which could result in an unavailable network service before specific countermeasures are taken. To address this issue through a systematic investigation, we propose an elaborate resource-management mechanism against DDoS attacks in an SDN. Specifically, by considering the SDN topology, we leverage the M/M/c queuing model to measure the resistance of an SDN to DDoS attacks. Network administrators can therefore invest a reasonable number of resources into SDN switches and SDN controllers to defend against DDoS attacks while guaranteeing the quality of service (QoS). Comprehensive analyses and empirical data-based experiments demonstrate the effectiveness of the proposed approach.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/175964