Abstract:
Recent research demonstrated that software defined
networking (SDN) can be leveraged to enable moving target
defense (MTD) to mitigate distributed denial of service (DDoS)
attacks. The network states are continuously changed in MTD by
effectively collecting information from the network and enforcing
certain security measures on the fly in order to deceive the
attackers. Motivated by the success of SDN-based maneuvering,
this work targets an emerging type of DDoS attack,
called Crossfire, and proposes an SDN-based MTD mechanism
to defend against such attacks. We analyze Crossfire attack
planning and use the results of that analysis to develop the defense
mechanism, which in turn reorganizes the routes so
that the congested links are avoided during packet forwarding.
The detection and mitigation techniques are implemented using
the Mininet emulator and the Floodlight SDN controller. The evaluation
results show that the route mutation can effectively reduce the
congestion in the targeted links without causing any major
disruption to network services.
Keywords: Software Defined