SD-OVS: SYN flooding attack defending open vswitch for SDN
SCIE
SCOPUS
- Title
- SD-OVS: SYN flooding attack defending open vswitch for SDN
- Authors
- Liu, X.; Cho, B.; Kim, J.
- Date Issued
- 2017-03
- Publisher
- Springer Verlag
- Abstract
- Software defined networking (SDN) is a novel programmable networking paradigm that decouples control and data planes. SDN relies heavily on the controller in control plane that tells the data plane how to handle new packets. Because the entire network may be disrupted if the controller is disabled, many attacks including SYN flooding aim to overload the controller by passing through the ingress switches. In this paper, we propose a security enhanced Open vSwitch (SD-OVS) to protect the controller from SYN flooding. The switch authenticates benign hosts by interchanging cookie packets and generates a short-lived security association (SA). The retransmitted SYN packet from these benign hosts is validated using SA and passed on to the controller. Our evaluation shows that SD-OVS protects the controller from SYN flooding at an acceptable time cost. ? Springer International Publishing AG 2017.
- URI
- https://oasis.postech.ac.kr/handle/2014.oak/96245
- DOI
- 10.1007/978-3-319-56549-1_3
- ISSN
- 0302-9743
- Article Type
- Article
- Citation
- Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10144 LNCS, page. 29 - 41, 2017-03
- Files in This Item:
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.