• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

A Dynamic Defense Using Client Puzzle for Identity-Forgery Attack on the South-Bound of Software Defined Networks

Vol. 11, No. 2, February 27, 2017
DOI: 10.3837/tiis.2017.02.012

Abstract

A Software Defined Network (SDN) manages and controls the underlying forwarding devices, and acquires and analyzes network topology and flow characteristics, through the south-bound protocol. The Data Path Identification (DPID) is the unique identity used to manage an underlying device, so a forged DPID can be used to attack the links of underlying forwarding devices, as well as to carry out DoS against the upper-level controller. This paper proposes a dynamic defense method based on the Client-Puzzle model, in which the controller dynamically manages requests from forwarding devices by generating puzzles with multiple levels of difficulty. This method can rapidly reduce network load and at the same time separate attack flow from legitimate flow, enabling the controller to provide continuous service for legitimate access. We conduct experiments on open-source SDN controllers such as Fluid and Ryu, and the results verify the feasibility of this defense method. The experimental results also show that when the cost to the controller and forwarding device increases by about 2%-5%, the cost to the attacker's CPU increases by nearly 90%, which greatly raises the difficulty of the attack.
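The following sketch is an added example, not code from the paper: it shows the client-puzzle idea from the abstract with a generic hash-based puzzle whose difficulty is chosen from the controller's load and bound to the claimed DPID. The construction, thresholds, field layout and function names are all assumptions; the paper's own puzzle scheme is not given on this page.

```python
import hashlib, hmac, os, struct, time

SECRET = os.urandom(32)   # controller key: puzzles are verified without stored state
# Assumed thresholds: pending south-bound requests -> required leading zero bits.
LEVELS = [(50, 0), (200, 12), (1000, 16)]
MAX_BITS = 20
MAX_AGE = 30              # seconds a puzzle stays valid (assumed)

def difficulty_for(load):
    """Pick the difficulty level from the controller's current request load."""
    for limit, bits in LEVELS:
        if load < limit:
            return bits
    return MAX_BITS

def _tag(dpid, ts, bits):
    # Binds the nonce to the claimed DPID, issue time and difficulty.
    return hmac.new(SECRET, struct.pack(">QIB", dpid, ts, bits), hashlib.sha256).digest()[:16]

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _work(nonce, dpid, counter):
    return hashlib.sha256(nonce + struct.pack(">QQ", dpid, counter)).digest()

def issue_puzzle(dpid, load, now=None):
    """Controller side: one HMAC per request, nothing stored."""
    ts = int(time.time() if now is None else now)
    bits = difficulty_for(load)
    return {"dpid": dpid, "ts": ts, "bits": bits, "nonce": _tag(dpid, ts, bits)}

def solve(puzzle):
    """Forwarding-device side: brute-force search, about 2**bits hashes on average."""
    counter = 0
    while leading_zero_bits(_work(puzzle["nonce"], puzzle["dpid"], counter)) < puzzle["bits"]:
        counter += 1
    return counter

def verify(puzzle, solution, now=None):
    """Controller side: one HMAC and one hash, whatever the difficulty."""
    now = int(time.time() if now is None else now)
    if not 0 <= now - puzzle["ts"] <= MAX_AGE:
        return False                      # stale or post-dated puzzle
    try:
        expected = _tag(puzzle["dpid"], puzzle["ts"], puzzle["bits"])
        if not hmac.compare_digest(expected, puzzle["nonce"]):
            return False                  # DPID, timestamp or difficulty was altered
        digest = _work(puzzle["nonce"], puzzle["dpid"], solution)
    except (struct.error, TypeError):
        return False                      # malformed fields from the requester
    return leading_zero_bits(digest) >= puzzle["bits"]
```

A solved puzzle can be replayed until it expires in this sketch; a deployment would also need to track accepted solutions within the validity window.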



Cite this article

[IEEE Style]
Z. Wu, Q. Wei, K. Ren, Q. Wang, "A Dynamic Defense Using Client Puzzle for Identity-Forgery Attack on the South-Bound of Software Defined Networks," KSII Transactions on Internet and Information Systems, vol. 11, no. 2, pp. 846-864, 2017. DOI: 10.3837/tiis.2017.02.012.

[ACM Style]
Zehui Wu, Qiang Wei, Kailei Ren, and Qingxian Wang. 2017. A Dynamic Defense Using Client Puzzle for Identity-Forgery Attack on the South-Bound of Software Defined Networks. KSII Transactions on Internet and Information Systems, 11, 2, (2017), 846-864. DOI: 10.3837/tiis.2017.02.012.

[BibTeX Style]
@article{tiis:21359,
  title="A Dynamic Defense Using Client Puzzle for Identity-Forgery Attack on the South-Bound of Software Defined Networks",
  author="Zehui Wu and Qiang Wei and Kailei Ren and Qingxian Wang",
  journal="KSII Transactions on Internet and Information Systems",
  DOI={10.3837/tiis.2017.02.012},
  volume={11},
  number={2},
  year="2017",
  month={February},
  pages={846-864}
}