• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

An OpenFlow User-Switch Remapping Approach for DDoS Defense

Vol. 10, No. 9, September 29, 2016
10.3837/tiis.2016.09.027, Download Paper (Free):

Abstract

DDoS attacks have had a devastating effect on the Internet, which can cause millions of dollars of damage within hours or even minutes. In this paper we propose a practical dynamic defense approach that overcomes the shortage of static defense mechanisms. Our approach employs a group of SDN-based proxy switches to relay data flow between users and servers. By substituting backup proxy switches for attacked ones and reassigning suspect users onto the new proxy switches, innocent users are isolated and saved from malicious attackers through a sequence of remapping process. In order to improve the speed of attacker segregation, we have designed and implemented an efficient greedy algorithm which has been demonstrated to have little influence on legitimate traffic. Simulations, which were then performed with the open source controller Ryu, show that our approach is effective in alleviating DDoS attacks and quarantining the attackers by numerable remapping process. The simulations also demonstrate that our dynamic defense imposes little effect on legitimate users, and the overhead introduced by remapping procedure is acceptable.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
Q. Wei, Z. Wu, K. Ren, Q. Wang, "An OpenFlow User-Switch Remapping Approach for DDoS Defense," KSII Transactions on Internet and Information Systems, vol. 10, no. 9, pp. 4529-4548, 2016. DOI: 10.3837/tiis.2016.09.027.

[ACM Style]
Qiang Wei, Zehui Wu, Kalei Ren, and Qingxian Wang. 2016. An OpenFlow User-Switch Remapping Approach for DDoS Defense. KSII Transactions on Internet and Information Systems, 10, 9, (2016), 4529-4548. DOI: 10.3837/tiis.2016.09.027.

[BibTeX Style]
@article{tiis:21230, title="An OpenFlow User-Switch Remapping Approach for DDoS Defense", author="Qiang Wei and Zehui Wu and Kalei Ren and Qingxian Wang and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2016.09.027}, volume={10}, number={9}, year="2016", month={September}, pages={4529-4548}}