Research Article
Defending Blind DDoS Attack on SDN Based on Moving Target Defense
@INPROCEEDINGS{10.1007/978-3-319-23829-6_32,
  author={Duohe Ma and Zhen Xu and Dongdai Lin},
  title={Defending Blind DDoS Attack on SDN Based on Moving Target Defense},
  proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
  proceedings_a={SECURECOMM},
  year={2015},
  month={11},
  keywords={Blind DDoS attack, Software defined networking, Moving target defense},
  doi={10.1007/978-3-319-23829-6_32}
}
- Duohe Ma
- Zhen Xu
- Dongdai Lin
Year: 2015
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23829-6_32
Abstract
Software Defined Networking (SDN) provides a new network solution by decoupling the control plane and data plane from the closed and proprietary implementations of traditional network devices. With its promisingly advanced architecture, SDN represents the future development trend of networks. In its typical structure, collaborative interaction between one controller and multiple switches forms a centralized network topology. Playing a key role in this network architecture, the controller in SDN is very vulnerable to single point of failure. What is worse, the emergence of the Blind DDoS attack against SDN's special structure increases its risks. To address this challenge, we introduce a Moving Target Defense (MTD) system to defend against the Blind DDoS attack. The approach adopts a multi-controller pool to solve the saturation problem, and it can dynamically shift the controllers connecting to switches according to the density of flood flow. By randomly delaying the scanning packets and filtering the flood with route-map, this MTD system can effectively resist the Blind DDoS attack and protect the availability and reliability of SDN.