Reducing the effects of DoS attacks in software defined networks using parallel flow installation

Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). A...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Human-centric Computing and Information Sciences 2019-05, Vol.9 (1), p.1-19, Article 16
Hauptverfasser:	Imran, Muhammad, Durad, Muhammad Hanif, Khan, Farrukh Aslam, Derhab, Abdelouahid
Format:	Artikel
Sprache:	eng
Schlagworte:	Artificial Intelligence Communications Engineering Communications traffic Computer Science Computer Systems Organization and Communication Networks Control Controllers Cybersecurity Data security Denial of service attacks Flooding Floods Forecasts and trends Information Systems and Communication Service Information Systems Applications (incl.Internet) Methods Monitoring Networks Overloading Parallel flow Performance degradation Response time Safety and security measures Security management Software-defined networking Spoofing Switches Switching theory Traffic control User Interfaces and Human Computer Interaction Virtual private networks
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page	19
container_issue	1
container_start_page	1
container_title	Human-centric Computing and Information Sciences
container_volume	9
creator	Imran, Muhammad Durad, Muhammad Hanif Khan, Farrukh Aslam Derhab, Abdelouahid
description	Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth.
doi_str_mv	10.1186/s13673-019-0176-7
format	Article
fullrecord	<record><control><sourceid>gale_proqu</sourceid><recordid>TN_cdi_proquest_journals_2217246268</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A584130966</galeid><sourcerecordid>A584130966</sourcerecordid><originalsourceid>FETCH-LOGICAL-c432t-b3ec885eca8c6ac4af898bc52e212d81b25c2c490b2c3712f8e41a9870b07bbb3</originalsourceid><addsrcrecordid>eNp1kE1LxDAQhosoKOv-AG8Bz12TaZukx8VvEAQ_ziFNJ2u1m6xJlsV_b5YKepEQMpl5n5nkLYozRheMSX4RWcVFVVLW5i14KQ6KE2AtlKzlcPgnPi7mMb5TShkV0IjqpNBP2G_N4FYkvSFBa9GkSLwlV_6Z6JS0-YhkcCR6m3Y6IOnRDg574jDtfMjFbdzTGx30OOJI7Oh3GYgpX3UavDstjqweI85_zlnxenP9cnlXPjze3l8uH0pTV5DKrkIjZYNGS8O1qbWVrexMAwgMesk6aAyYuqUdmEowsBJrplspaEdF13XVrDif-m6C_9xiTOrdb4PLIxUAE1Bz4DKrFpNqpUdUg7M-BW3y6nE9GO_y73J-2ciaVbTlPANsAkzwMQa0ahOGtQ5filG1d19N7qvsvtq7r0RmYGJi1roVht-n_A99A8VviAY</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2217246268</pqid></control><display><type>article</type><title>Reducing the effects of DoS attacks in software defined networks using parallel flow installation</title><source>Springer Nature OA Free Journals</source><source>EZB-FREE-00999 freely available EZB journals</source><creator>Imran, Muhammad ; Durad, Muhammad Hanif ; Khan, Farrukh Aslam ; Derhab, Abdelouahid</creator><creatorcontrib>Imran, Muhammad ; Durad, Muhammad Hanif ; Khan, Farrukh Aslam ; Derhab, Abdelouahid</creatorcontrib><description>Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth.</description><identifier>ISSN: 2192-1962</identifier><identifier>EISSN: 2192-1962</identifier><identifier>DOI: 10.1186/s13673-019-0176-7</identifier><language>eng</language><publisher>Berlin/Heidelberg: Springer Berlin Heidelberg</publisher><subject>Artificial Intelligence ; Communications Engineering ; Communications traffic ; Computer Science ; Computer Systems Organization and Communication Networks ; Control ; Controllers ; Cybersecurity ; Data security ; Denial of service attacks ; Flooding ; Floods ; Forecasts and trends ; Information Systems and Communication Service ; Information Systems Applications (incl.Internet) ; Methods ; Monitoring ; Networks ; Overloading ; Parallel flow ; Performance degradation ; Response time ; Safety and security measures ; Security management ; Software-defined networking ; Spoofing ; Switches ; Switching theory ; Traffic control ; User Interfaces and Human Computer Interaction ; Virtual private networks</subject><ispartof>Human-centric Computing and Information Sciences, 2019-05, Vol.9 (1), p.1-19, Article 16</ispartof><rights>The Author(s) 2019</rights><rights>COPYRIGHT 2019 Springer</rights><rights>Human-centric Computing and Information Sciences is a copyright of Springer, (2019). All Rights Reserved. © 2019. This work is published under http://creativecommons.org/licenses/by/4.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c432t-b3ec885eca8c6ac4af898bc52e212d81b25c2c490b2c3712f8e41a9870b07bbb3</citedby><cites>FETCH-LOGICAL-c432t-b3ec885eca8c6ac4af898bc52e212d81b25c2c490b2c3712f8e41a9870b07bbb3</cites><orcidid>0000-0002-7023-7172</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1186/s13673-019-0176-7$$EPDF$$P50$$Gspringer$$Hfree_for_read</linktopdf><linktohtml>$$Uhttps://doi.org/10.1186/s13673-019-0176-7$$EHTML$$P50$$Gspringer$$Hfree_for_read</linktohtml><link.rule.ids>314,780,784,27922,27923,41118,42187,51574</link.rule.ids></links><search><creatorcontrib>Imran, Muhammad</creatorcontrib><creatorcontrib>Durad, Muhammad Hanif</creatorcontrib><creatorcontrib>Khan, Farrukh Aslam</creatorcontrib><creatorcontrib>Derhab, Abdelouahid</creatorcontrib><title>Reducing the effects of DoS attacks in software defined networks using parallel flow installation</title><title>Human-centric Computing and Information Sciences</title><addtitle>Hum. Cent. Comput. Inf. Sci</addtitle><description>Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth.</description><subject>Artificial Intelligence</subject><subject>Communications Engineering</subject><subject>Communications traffic</subject><subject>Computer Science</subject><subject>Computer Systems Organization and Communication Networks</subject><subject>Control</subject><subject>Controllers</subject><subject>Cybersecurity</subject><subject>Data security</subject><subject>Denial of service attacks</subject><subject>Flooding</subject><subject>Floods</subject><subject>Forecasts and trends</subject><subject>Information Systems and Communication Service</subject><subject>Information Systems Applications (incl.Internet)</subject><subject>Methods</subject><subject>Monitoring</subject><subject>Networks</subject><subject>Overloading</subject><subject>Parallel flow</subject><subject>Performance degradation</subject><subject>Response time</subject><subject>Safety and security measures</subject><subject>Security management</subject><subject>Software-defined networking</subject><subject>Spoofing</subject><subject>Switches</subject><subject>Switching theory</subject><subject>Traffic control</subject><subject>User Interfaces and Human Computer Interaction</subject><subject>Virtual private networks</subject><issn>2192-1962</issn><issn>2192-1962</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><sourceid>C6C</sourceid><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GNUQQ</sourceid><recordid>eNp1kE1LxDAQhosoKOv-AG8Bz12TaZukx8VvEAQ_ziFNJ2u1m6xJlsV_b5YKepEQMpl5n5nkLYozRheMSX4RWcVFVVLW5i14KQ6KE2AtlKzlcPgnPi7mMb5TShkV0IjqpNBP2G_N4FYkvSFBa9GkSLwlV_6Z6JS0-YhkcCR6m3Y6IOnRDg574jDtfMjFbdzTGx30OOJI7Oh3GYgpX3UavDstjqweI85_zlnxenP9cnlXPjze3l8uH0pTV5DKrkIjZYNGS8O1qbWVrexMAwgMesk6aAyYuqUdmEowsBJrplspaEdF13XVrDif-m6C_9xiTOrdb4PLIxUAE1Bz4DKrFpNqpUdUg7M-BW3y6nE9GO_y73J-2ciaVbTlPANsAkzwMQa0ahOGtQ5filG1d19N7qvsvtq7r0RmYGJi1roVht-n_A99A8VviAY</recordid><startdate>20190501</startdate><enddate>20190501</enddate><creator>Imran, Muhammad</creator><creator>Durad, Muhammad Hanif</creator><creator>Khan, Farrukh Aslam</creator><creator>Derhab, Abdelouahid</creator><general>Springer Berlin Heidelberg</general><general>Springer</general><general>Korea Information Processing Society, Computer Software Research Group</general><scope>C6C</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>IAO</scope><scope>3V.</scope><scope>7XB</scope><scope>8AL</scope><scope>8FE</scope><scope>8FG</scope><scope>8FK</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>GNUQQ</scope><scope>HCIFZ</scope><scope>JQ2</scope><scope>K7-</scope><scope>M0N</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>Q9U</scope><orcidid>https://orcid.org/0000-0002-7023-7172</orcidid></search><sort><creationdate>20190501</creationdate><title>Reducing the effects of DoS attacks in software defined networks using parallel flow installation</title><author>Imran, Muhammad ; Durad, Muhammad Hanif ; Khan, Farrukh Aslam ; Derhab, Abdelouahid</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c432t-b3ec885eca8c6ac4af898bc52e212d81b25c2c490b2c3712f8e41a9870b07bbb3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Artificial Intelligence</topic><topic>Communications Engineering</topic><topic>Communications traffic</topic><topic>Computer Science</topic><topic>Computer Systems Organization and Communication Networks</topic><topic>Control</topic><topic>Controllers</topic><topic>Cybersecurity</topic><topic>Data security</topic><topic>Denial of service attacks</topic><topic>Flooding</topic><topic>Floods</topic><topic>Forecasts and trends</topic><topic>Information Systems and Communication Service</topic><topic>Information Systems Applications (incl.Internet)</topic><topic>Methods</topic><topic>Monitoring</topic><topic>Networks</topic><topic>Overloading</topic><topic>Parallel flow</topic><topic>Performance degradation</topic><topic>Response time</topic><topic>Safety and security measures</topic><topic>Security management</topic><topic>Software-defined networking</topic><topic>Spoofing</topic><topic>Switches</topic><topic>Switching theory</topic><topic>Traffic control</topic><topic>User Interfaces and Human Computer Interaction</topic><topic>Virtual private networks</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Imran, Muhammad</creatorcontrib><creatorcontrib>Durad, Muhammad Hanif</creatorcontrib><creatorcontrib>Khan, Farrukh Aslam</creatorcontrib><creatorcontrib>Derhab, Abdelouahid</creatorcontrib><collection>Springer Nature OA Free Journals</collection><collection>CrossRef</collection><collection>Gale Academic OneFile</collection><collection>ProQuest Central (Corporate)</collection><collection>ProQuest Central (purchase pre-March 2016)</collection><collection>Computing Database (Alumni Edition)</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni) (purchase pre-March 2016)</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>ProQuest Central Student</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Computer Science Collection</collection><collection>Computer Science Database</collection><collection>Computing Database</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>ProQuest Central Basic</collection><jtitle>Human-centric Computing and Information Sciences</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Imran, Muhammad</au><au>Durad, Muhammad Hanif</au><au>Khan, Farrukh Aslam</au><au>Derhab, Abdelouahid</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Reducing the effects of DoS attacks in software defined networks using parallel flow installation</atitle><jtitle>Human-centric Computing and Information Sciences</jtitle><stitle>Hum. Cent. Comput. Inf. Sci</stitle><date>2019-05-01</date><risdate>2019</risdate><volume>9</volume><issue>1</issue><spage>1</spage><epage>19</epage><pages>1-19</pages><artnum>16</artnum><issn>2192-1962</issn><eissn>2192-1962</eissn><abstract>Software defined networking (SDN) is becoming more and more popular due to its key features, such as monitoring, fine-grained control, flexibility and scalability. The centralized control of SDN makes it vulnerable to various types of attacks, e.g., flooding, spoofing, and denial of service (DoS). Among these attacks, DoS attack has the most severe impact because it degrades the performance of the SDN by overloading its different components, i.e., controller, switch, and control channel. This impact becomes more prominent in SDNs having fine-grained control over traffic for monitoring and management purposes, where large numbers of flow rules are installed. Existing approaches handle DoS attacks in SDN either by dropping malicious packets or by aggregating flow rules, resulting in a legitimate packet drop or loss of fine-grained control over network traffic. In this paper, a parallel flow installation approach is proposed to reduce the effects of DoS attacks, without losing the monitoring capability and fine-grained control over network traffic. The proposed approach installs flow rules in all switches along the path from the source to the destination on a single request from the source; resulting in a considerable reduction of control channel traffic and controller’s utilization. The proposed approach is evaluated by comparing it with the basic SDN controller. The simulation results show that the proposed approach increases the SDN performance in terms of CPU utilization, response time, flow requests, and control channel bandwidth.</abstract><cop>Berlin/Heidelberg</cop><pub>Springer Berlin Heidelberg</pub><doi>10.1186/s13673-019-0176-7</doi><tpages>19</tpages><orcidid>https://orcid.org/0000-0002-7023-7172</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2192-1962
ispartof	Human-centric Computing and Information Sciences, 2019-05, Vol.9 (1), p.1-19, Article 16
issn	2192-1962 2192-1962
language	eng
recordid	cdi_proquest_journals_2217246268
source	Springer Nature OA Free Journals; EZB-FREE-00999 freely available EZB journals
subjects	Artificial Intelligence Communications Engineering Communications traffic Computer Science Computer Systems Organization and Communication Networks Control Controllers Cybersecurity Data security Denial of service attacks Flooding Floods Forecasts and trends Information Systems and Communication Service Information Systems Applications (incl.Internet) Methods Monitoring Networks Overloading Parallel flow Performance degradation Response time Safety and security measures Security management Software-defined networking Spoofing Switches Switching theory Traffic control User Interfaces and Human Computer Interaction Virtual private networks
title	Reducing the effects of DoS attacks in software defined networks using parallel flow installation
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-10T03%3A06%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_proqu&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Reducing%20the%20effects%20of%20DoS%20attacks%20in%20software%20defined%20networks%20using%20parallel%20flow%20installation&rft.jtitle=Human-centric%20Computing%20and%20Information%20Sciences&rft.au=Imran,%20Muhammad&rft.date=2019-05-01&rft.volume=9&rft.issue=1&rft.spage=1&rft.epage=19&rft.pages=1-19&rft.artnum=16&rft.issn=2192-1962&rft.eissn=2192-1962&rft_id=info:doi/10.1186/s13673-019-0176-7&rft_dat=%3Cgale_proqu%3EA584130966%3C/gale_proqu%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2217246268&rft_id=info:pmid/&rft_galeid=A584130966&rfr_iscdi=true