Abstract

Software-Defined Networking (SDN) is an evolving networking technique, valued for its flexibility and programmability. OpenFlow is the primary protocol behind SDN. Moving Target Defense (MTD) is an emerging security technique that counters attacks by dynamically changing the attack surface. SDN-based MTD security solutions are gaining popularity due to the centralized control and monitoring capabilities of the SDN control plane. Crossfire is a type of indirect Distributed Denial of Service (DDoS) attack that aims to impact the neighbors of the actual target, and such attacks have been gaining momentum in recent times. In this paper, we propose a mechanism for protection against Crossfire DDoS attacks that exploits OpenFlow-based traffic modifications. We employ a Moving Target Defense scheme that redirects traffic from the actual host to a shadow host, and from the default Domain Name System port to another predefined port, to counter the Crossfire DDoS attack. Traffic redirection diverts the attacker to the shadow host, so the attacker obtains an incorrect network path and the Crossfire attack cannot be executed properly. The proposed scheme utilizes an ONOS cluster with Mininet. The results showed successful traffic redirection for countering Crossfire DDoS attacks at a low computational cost.
