Attacks in SDN Domains Kostas Giotis , Maria Apostolaki, Vasilis - - PowerPoint PPT Presentation


NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA SCHOOL OF ELECTRICAL & COMPUTER ENGINEERING NETWORK MANAGEMENT & OPTIMAL DESIGN LABORATORY (NETMODE) A Reputation-based Collaborative Schema for the Mitigation of Distributed Attacks in SDN


SLIDE 1

Kostas Giotis, Maria Apostolaki, Vasilis Maglaris

IEEE/IFIP Network Operations and Management Symposium 2016

Istanbul, April 2016

A Reputation-based Collaborative Schema for the Mitigation of Distributed Attacks in SDN Domains

NATIONAL TECHNICAL UNIVERSITY OF ATHENS - NTUA

SCHOOL OF ELECTRICAL & COMPUTER ENGINEERING

NETWORK MANAGEMENT & OPTIMAL DESIGN LABORATORY (NETMODE)

SLIDE 2

High-level Description

  • Gradual path identification for malicious flows
    - SDN domains are aware of their adjacent domains that forward malicious flows
  • Distributed mitigation of distributed attacks (DDoS), in a per-flow manner
    - Requirement: SDN-enabled Domains at AS premises

SLIDE 3

Overall Approach

  • Cooperative Mitigation Manager:
    - Evaluate cooperation level
    - Inject new OpenFlow rules on behalf of “reputable” domains under attack
  • Incident Manager:
    - Victim Domain: Assemble and disseminate Incident Reports (IRP)
    - Transit or Source Domains: Receive and disseminate Incident Reports (IRH, IRP)

SLIDE 4

Cooperation and Reputation between SDNs

  • Assess cooperation level of adjacent SDN Domains
    - Employ Beta($b$, $c$) distribution
    - Parameters $b$, $c$ are updated for a given SDN domain after accepting (s=1) or declining (s=0) to contribute to the mitigation of a DDoS attack:
      $b_{o+1} = b_o \cdot v + s$, $c_{o+1} = c_o \cdot v + 1 - s$
  • Reputation Score
    - Adjacent Domain: $b_o / (b_o + c_o)$
    - Disjoint Domain: Based on reputation score advertised by SDN domains that have prior experience regarding the domain in question
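
The update rule and adjacent-domain score above, as an added Python example (not code from the presentation or its authors). The starting values b = c = 1, the value v = 0.9 with v read as an aging weight below 1, and the reputation-weighted average used for disjoint domains are assumptions; the slide specifies none of them.

```python
from dataclasses import dataclass


@dataclass
class BetaReputation:
    """Cooperation record kept for one adjacent SDN domain."""
    b: float = 1.0  # aged weight of accepted requests (start value assumed)
    c: float = 1.0  # aged weight of declined requests (start value assumed)
    v: float = 0.9  # assumed: the slide gives no value for v

    def update(self, s: int) -> float:
        """Apply b <- b*v + s and c <- c*v + 1 - s, then return the new score."""
        if s not in (0, 1):
            raise ValueError("s must be 1 (accepted) or 0 (declined)")
        self.b = self.b * self.v + s
        self.c = self.c * self.v + 1 - s
        return self.score()

    def score(self) -> float:
        """Reputation of an adjacent domain: b / (b + c)."""
        return self.b / (self.b + self.c)


def disjoint_score(adverts, prior=0.5):
    """Score a non-adjacent domain from (advertiser_score, advertised_score) pairs.

    Assumed rule: each advertisement is weighted by the advertiser's own
    reputation, so a domain that rarely cooperates has little say.
    """
    total = sum(weight for weight, _ in adverts)
    if total == 0:
        return prior  # no usable advertisement: fall back to the neutral prior
    return sum(weight * score for weight, score in adverts) / total


def replay(history, v=0.9):
    """Return the score after each accept/decline decision in `history`."""
    rep = BetaReputation(v=v)
    return [rep.update(s) for s in history]


if __name__ == "__main__":
    # Constructed history: four accepted requests, then four declined ones.
    for s, score in zip([1, 1, 1, 1, 0, 0, 0, 0], replay([1, 1, 1, 1, 0, 0, 0, 0])):
        print(f"s={s} score={score:.3f}")
    # Constructed advertisements about a domain with no shared border.
    print(f"disjoint={disjoint_score([(0.9, 0.2), (0.3, 0.8)]):.3f}")
```

With v below 1, b + c settles toward 1 / (1 - v), so recent decisions outweigh old ones and a domain that starts declining loses score within a few requests.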

SLIDE 5

Incident Reports Dissemination via URIs

  • SDNi: Enables the exchange of information between SDN domains under a single administrative entity
    - Leverages BGP signaling
    - SDNi-related messages are enclosed within the NLRI field
    - SDNi messages: BGP updates without Withdrawn Routes and Path Attribute fields
  • Proposed extension of the ODL-SDNi application
    - Include Content-URI Address Family as a BGP Capability (RFC 3392)
    - Content-URI field is added to the NLRI field
    - Content-URI field stores appropriate pointers (URIs) to respective IODEF-formatted incident reports

SLIDE 6

Large Scale Experimentation via Simulation


Topology Simulator

SLIDE 7

Assessment of the proposed approach

Benefits delivered by the Reputation mechanism

  • Experiment:
    - Multiple DDoS Attacks
    - 33% non-cooperative SDN domains
    - Observe Transit Domain
  • Outcome:
    - 42% fewer flow entries
    - Transit domain preserves its Reputation level towards other reputable domains.

[Figure panels: 1st Experimental Procedure, 2nd Experimental Procedure]

SLIDE 8

Conclusion and Future Works

  • DDoS mitigation is pushed close to the malicious sources.
  • Victim SDN domain requires significantly fewer network resources to handle and mitigate a distributed attack.
  • The reputation mechanism provides the necessary incentives to promote and preserve cooperation between SDN Domains.

Future Work

  • NETCONF-based implementation for a legacy networks-compatible approach
  • Case studies for potential (malicious) exploitation of the cooperative mechanism

SLIDE 9

Questions?

Thank you!

coyiotis@netmode.ntua.gr
