• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks


Abstract

Software defined networking brings unique security risks such as control plane saturation attack while enhancing the performance of wireless sensor networks. The attack is a new type of distributed denial of service (DDoS) attack, which is easy to launch. However, it is difficult to detect and hard to defend. In response to this, the attack threat model is discussed firstly, and then a DDoS attack prevention extension, called FuzzyGuard, is proposed. In FuzzyGuard, a control network with both the protection of data flow and the convergence of attack flow is constructed in the data plane by using the idea of independent routing control flow. Then, the attack detection is implemented by fuzzy inference method to output the current security state of the network. Different probabilistic suppression modes are adopted subsequently to deal with the attack flow to cost-effectively reduce the impact of the attack on the network. The prototype is implemented on SDN-WISE and the simulation experiment is carried out. The evaluation results show that FuzzyGuard could effectively protect the normal forwarding of data flow in the attacked state and has a good defensive effect on the control plane saturation attack with lower resource requirements.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
M. Huang and B. Yu, "FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks," KSII Transactions on Internet and Information Systems, vol. 13, no. 7, pp. 3671-3689, 2019. DOI: 10.3837/tiis.2019.07.019.

[ACM Style]
Meigen Huang and Bin Yu. 2019. FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks. KSII Transactions on Internet and Information Systems, 13, 7, (2019), 3671-3689. DOI: 10.3837/tiis.2019.07.019.

[BibTeX Style]
@article{tiis:22163, title="FuzzyGuard: A DDoS attack prevention extension in software-defined wireless sensor networks", author="Meigen Huang and Bin Yu and ", journal="KSII Transactions on Internet and Information Systems", DOI={10.3837/tiis.2019.07.019}, volume={13}, number={7}, year="2019", month={July}, pages={3671-3689}}