DroPPPP: A P4 Approach to Mitigating DoS Attacks in SDN


Simsek G., BOSTAN H. , Sarica A. K. , Sarikaya E., KELEŞ A., ANGIN P. , ...More

20th World Conference on Information Security Applications, WISA 2019, Jeju Island, South Korea, 21 - 24 August 2019, pp.55-66 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Volume:
  • Doi Number: 10.1007/978-3-030-39303-8_5
  • City: Jeju Island
  • Country: South Korea
  • Page Numbers: pp.55-66
  • Keywords: Software-Defined Networking, Denial of service, P4

Abstract

© 2020, Springer Nature Switzerland AG.Software-Defined Networking (SDN) has proven itself a useful technology for establishing and managing configurable, dynamic networks with the rapid deployment of services in the past decade. Despite these advantages, the fact that the functionality of SDN relies heavily on the controller with a much less capable data plane creates a single point of failure, which leaves the network susceptible to denial of service (DoS) attacks mainly targeting the controller to affect the operation of the whole network. An effective approach for mitigating DoS attacks in SDN requires identifying and stopping attacks as close to their source as possible, which will require involvement of the data plane in the mitigation strategy. In this work we propose DroPPPP, a DoS prevention approach for SDN that operates in the data plane using the P4 programming language. We demonstrate through experiments in the Mininet that lightweight processing of the packets in the data plane with DroPPPP negates significant overheads through reducing the traffic between switches while keeping the controller’s CPU usage at 0% and below 50% during spoofing and volumetric attacks.