Attack-Aware Dynamic Upstream Bandwidth Assignment Scheme for Passive Optical Network

Abstract

Abstract Network security is an important component of today’s networks to combat the security attacks. The passive optical network (PON) works at the medium access layer (MAC). A distributed denial of service (DDOS) attack may be launched from the network and transport layers of an Optical Network unit (ONU). Although there are various security techniques to mitigate its impact, however, these techniques cannot mitigate the impact on the MAC Layer of the PON and can cause an ONU to continuously drain too much bandwidth. This will result in reduced bandwidth availability to other ONUs and, thus, causing an increase in US delays and delay variance. In this work we argue that the impact of a DDOS attack can be mitigated by improving the Dynamic bandwidth assignment (DBA) scheme which is used in PON to manage the US bandwidth at the optical line terminal (OLT). The present DBA schemes do not have the capability to combat a security attack. Thus, this study, uses a machine learning approach to learn the ONU traffic demand patterns and presents a security aware DBA (SA-DBA) scheme that detects a rogue (attacker) ONU from its traffic demand pattern and limits its illegitimate bandwidth demand and only allows it the bandwidth assignment to it as per the agreed service level agreement (SLA). The simulation results show that the SA-DBA scheme results in up to 53%, 55% and 90% reduced US delays and up to 84%, 76% and 95% reduced US delay variance of T2, T3 and T4 traffic classes compared to existing insecure DBA schemes.