Abstract

The convergent communication network will play an important role as a single platform to unify heterogeneous networks and integrate emerging technologies and existing legacy networks. Although many feasible solutions have been proposed, they could not become convergent frameworks since they mainly focused on converting functions between various protocols and interfaces in edge networks, and handling functions for multiple services in core networks, e.g., the Multi-protocol Label Switching (MPLS) technique. Software-defined networking (SDN), on the other hand, is expected to be the ideal future for the convergent network since it can provide a controllable, dynamic, and cost-effective network. However, behind its many advantages, SDN has an inherent structural vulnerability: the centralized control plane. As the brains of the network, a controller manages the whole network, which makes it attractive to attackers. In this context, we propose a novel solution called the adaptive suspicious prevention (ASP) mechanism to protect the controller from Denial of Service (DoS) attacks that could incapacitate an SDN. The ASP is integrated with the OpenFlow protocol to detect and prevent DoS attacks effectively. Our comprehensive experimental results show that the ASP enhances the resilience of an SDN network against DoS attacks by up to 38%.

Highlights

  • A convergent communication network is composed of multiple network architectures and technologies that support interconnection over a heterogeneous network to reduce the dependence of communication services on the underlying infrastructure

  • In order to protect Software-defined networking (SDN)-based convergent networks from such attacks, we propose a novel mechanism called adaptive suspicious prevention (ASP), to protect the controller against Denial of Service (DoS) attacks

  • We have developed a mechanism based on the OpenFlow protocol


Summary

Introduction

A convergent communication network is composed of multiple network architectures and technologies that support interconnection over a heterogeneous network to reduce the dependence of communication services on the underlying infrastructure. That problem can occur when the switches are used to forward many packets to the controller in a short time period. This will eventually lead to a situation in which packets coming from normal users are dropped at the controller's input buffer. Another potential security problem that makes a network malfunction is a switch flow table overload. In order to protect SDN-based convergent networks from such attacks, we propose a novel mechanism called adaptive suspicious prevention (ASP) to protect the controller against DoS attacks. The fundamental idea is to operate the controller of an SDN-based network using specific policies to handle incoming packets differently for each user type.

DoS defense strategies
DoS solution for SDN networks
Reactive work-flow inside an SDN network
Break-down process of DoS attacks against SDN
Mechanism design rationale
Basic assumption and environment setup
Probabilistic History-based IP Filtering
Adaptive suspicious prevention mechanism
Effects of the ASP mechanism
Network topology
An example analysis
Performance evaluation
Limitation and discussion
Findings
Conclusion