TY - JOUR
AU - Sahoo, Kshira Sagar
AB - In Software‐Defined Networking (SDN), the routing process involves packet forwarding based on flow rules managed by the controller. However, attackers could exploit this situation by launching Distributed Denial of Service (DDoS) attacks using spoofed source addresses, which can overwhelm the controller with a large number of fake packets. Most of the prior works in this scenario are based on an address binding method; the source address of each packet coming from a host_port of a switch is checked against the entries in a binding table. This table consists of the actual source address of each host attached to a host_port. This approach can identify the source points of attacks within a short time; however, it suffers from high controller overhead because each packet needs to be matched against the entries in the binding table. In this context, we propose a Hybrid Defense System (HDS) which consists of a two‐stage detection method. In the first stage, a lightweight entropy‐based method detects address spoofing in network traffic, which in the process, significantly reduces the overhead of checking every packet against the binding table. If an attack is detected, the second stage gets activated, in which a time‐based address binding approach identifies the source points of attacks. Thereafter, a mitigation method blocks the source points of the attacks. HDS is implemented in the Floodlight controller and is evaluated in different networking scenarios using Mininet. Our experimental results show that HDS reduces the controller overhead by 10%–12%, lowers the False Positive Rate by 20%, and reduces the False Negative Rate by 10% in comparison to the existing address binding methods.
TI - A Hybrid Lightweight Defense System Against Address Spoofing Based DDoS Attacks in SDN
JF - Security and Privacy
DO - 10.1002/spy2.70021
DA - 2025-03-01
UR - https://www.deepdyve.com/lp/wiley/a-hybrid-lightweight-defense-system-against-address-spoofing-based-uGEnkFEk2c
VL - 8
IS - 2
DP - DeepDyve
ER -