DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN


Simsek G., BOSTAN H., Sarica A. K., Sarikaya E., KELEŞ A., ANGIN P., ...Daha Fazla

20th World Conference on Information Security Applications, WISA 2019, Jeju Island, Güney Kore, 21 - 24 Ağustos 2019, ss.55-66 identifier identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Cilt numarası:
  • Doi Numarası: 10.1007/978-3-030-39303-8_5
  • Basıldığı Şehir: Jeju Island
  • Basıldığı Ülke: Güney Kore
  • Sayfa Sayıları: ss.55-66
  • Anahtar Kelimeler: Software-Defined Networking, Denial of service, P4
  • Orta Doğu Teknik Üniversitesi Adresli: Evet

Özet

© 2020, Springer Nature Switzerland AG.Software-Defined Networking (SDN) has proven itself a useful technology for establishing and managing configurable, dynamic networks with the rapid deployment of services in the past decade. Despite these advantages, the fact that the functionality of SDN relies heavily on the controller with a much less capable data plane creates a single point of failure, which leaves the network susceptible to denial of service (DoS) attacks mainly targeting the controller to affect the operation of the whole network. An effective approach for mitigating DoS attacks in SDN requires identifying and stopping attacks as close to their source as possible, which will require involvement of the data plane in the mitigation strategy. In this work we propose DroPPPP, a DoS prevention approach for SDN that operates in the data plane using the P4 programming language. We demonstrate through experiments in the Mininet that lightweight processing of the packets in the data plane with DroPPPP negates significant overheads through reducing the traffic between switches while keeping the controller’s CPU usage at 0% and below 50% during spoofing and volumetric attacks.