For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
MinDoS: A Priority-Based SDN Safe-Guard Architecture for DoS Attacks
Tao WANG Hongchang CHEN Chao QI
IEICE TRANSACTIONS on Information and Systems
Publication Date: 2018/10/01
Online ISSN: 1745-1361
Type of Manuscript: PAPER
Category: Information Network
software-defined networking, denial-of-service attack, priority queue, round-robin scheme,
Full Text: PDF(1.6MB)>>
Software-defined networking (SDN) has rapidly emerged as a promising new technology for future networks and gained considerable attention from both academia and industry. However, due to the separation between the control plane and the data plane, the SDN controller can easily become the target of denial-of service (DoS) attacks. To mitigate DoS attacks in OpenFlow networks, our solution, MinDoS, contains two key techniques/modules: the simplified DoS detection module and the priority manager. The proposed architecture sends requests into multiple buffer queues with different priorities and then schedules the processing of these flow requests to ensure better controller protection. The results show that MinDoS is effective and adds only minor overhead to the entire SDN/OpenFlow infrastructure.