Abstract
Software defined networking (SDN) has emerged over the past few years as a novel networking technology that enables fast and easy network management. Separating the control plane and the data plane in SDNs allows for dynamic network management, implementation of new applications, and implementing network specific functions in software. This paper addresses the problem of SYN flood attacks in SDNs which are considered among the most challenging threats because their effect exceeds the targeted end system to the controller and TCAM of OpenFlow switches. These attacks exploit the three-way handshaking connection establishment mechanism in TCP, where attackers overwhelm the victim machine with flood of spoofed SYN packets resulting in a large number of half-open connections that would never complete. Therefore, degrading the performance of the controller and populating OpenFlow switches’ TCAMs with spoofed entries. In this paper, we propose ISDSDN, a mechanism for SYN flood attack mitigation in software defined networks. The proposed mechanism adopts the idea of intentional dropping to distinguish between legitimate and attack SYN packets in the context of software defined networks. ISDSDN is implemented as an extension module of POX controller and is evaluated under different attack scenarios. Performance evaluation shows that the proposed mechanism is very effective in defending against SYN flood attacks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
