A Testbed for the Evaluation of Denial of Service Attacks in Software-Defined Networks

Abstract

Software defined networking (SDN) is being widely deployed within enterprise and carrier networks to streamline network services provisioning and reduce costs. This approach improves upon traditional networking protocol technologies by decoupling the data and control planes and moving all control provisioning decisions to a centralized SDN controller. Overall, centralized control delivers much more cost-effective and flexible networking setups that can support a wide range of customized user-driven network management applications, e.g., traffic engineering, security, survivability, policy control, etc. However, the separation of the data and control layers in a SDN network introduces many attack points for malicious users to exploit. In particular, large-scale denial of service (DoS) attacks are a major concern here, as they can effectively shut down vital communications between the SDN controller and data plane nodes. Given the increasing sophistication of such attacks, SDN DoS detection and mitigation have become vital concerns. Although various studies have addressed this problem area, there is a further need to develop and test solutions in live realistic network settings. Along these lines, this paper overviews this important area and demonstrates the impact of DoS attacks on SDN elements in the NSF GENI network testbed. This work provides a key baseline and set of input data from which to develop further detection and mitigation strategies.