SDN-based network security functions for effective DDoS attack mitigation
Title | SDN-based network security functions for effective DDoS attack mitigation |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Hyun, D., Kim, J., Hong, D., Jeong, J. P. |
Conference Name | 2017 International Conference on Information and Communication Technology Convergence (ICTC) |
Publisher | IEEE |
ISBN Number | 978-1-5090-4032-2 |
Keywords | Communication networks, composability, Computer crime, Data models, DDoS attack mitigation, distributed denial of service, Human Behavior, Metrics, Netconf & YANG, Network Function Virtual, Protocols, pubcrawl, Resiliency, Servers, Software, Software Defined Network, Suricata |
Abstract | Distributed Denial of Service (DDoS) attack has been bringing serious security concerns on banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of Internet of Things (IoT) raises new concerns on the smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on an SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection on suspicious packets, we developed a threshold-based method that provides a client with an efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on the NETCONF protocol [1] and the YANG Data Model [2]. |
URL | https://ieeexplore.ieee.org/document/8190794 |
DOI | 10.1109/ICTC.2017.8190794 |
Citation Key | hyun_sdn-based_2017 |