Counteracting UDP flooding attacks in SDN

Yung Hao Tung, Hung Chuan Wei, Yen Wu Ti*, Yao Tung Tsou, Neetesh Saxena, Chia-Mu Yu

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Software-defined networking (SDN) is a new networking architecture with a centralized control mechanism. SDN has proven to be successful in improving not only the network performance, but also security. However, centralized control in the SDN architecture is associated with new security vulnerabilities. In particular, user-datagram-protocol (UDP) flooding attacks can be easily launched and cause serious packet-transmission delays, controller-performance loss, and even network shutdown. In response to applications in the Internet of Things (IoT) field, this study considers UDP flooding attacks in SDN and proposes two lightweight countermeasures. The first method sometimes sacrifices address-resolution-protocol (ARP) requests to achieve a high level of security. In the second method, although packets must sometimes be sacrificed when undergoing an attack before starting to defend, the detection of the network state can prevent normal packets from being sacrificed. When blocking a network attack, attacks from the affected port are directly blocked without affecting normal ports. The performance and security of the proposed methods were confirmed by means of extensive experiments. Compared with the situation where no defense is implemented, or similar defense methods are implemented, after simulating a UDP flooding attack, our proposed method performed better in terms of the available bandwidth, central-processing-unit (CPU) consumption, and network delay time.

Original languageEnglish
Article number1239
Pages (from-to)1-28
Number of pages28
JournalElectronics (Switzerland)
Volume9
Issue number8
DOIs
StatePublished - Aug 2020

Keywords

  • Network security
  • Software-defined networking (SDN)
  • UDP flooding attack

Fingerprint Dive into the research topics of 'Counteracting UDP flooding attacks in SDN'. Together they form a unique fingerprint.

Cite this