BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction

Tao Wang; Zehua Guo; Hongchang Chen; Wei Liu

doi:10.1109/TNSM.2018.2873639

BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction

Tao Wang, Zehua Guo, Hongchang Chen, Wei Liu

Computer Science and Engineering

Research output: Contribution to journal › Article › peer-review

35 Scopus citations

Abstract

Software-defined networking (SDN) has emerged as a new networking paradigm that can provide fine-grained network management service. Since the SDN controller makes control decision for the network, it becomes the main target of denial of service (DoS) attacks. In this paper, we propose BWManager to mitigate.. which mainly consists mitigate the DoS attacks on the SDN controller with BWManager that mainly consists of four key components: 1) simplified DoS detection module; 2) forecasting engine; 3) priority manager; and 4) scheduler. The simplified DoS detection module calculates a comprehensive judgment score for each switch, which indicates the attacking severity of each switch and is used to decide time slice allocation of the controller. The forecasting engine is the basis of the controller scheduling method and forecasts the bandwidth consumption of users to determine the users' trust values. The trust values are used by the priority manager to manage multiple buffer queues with different priorities for the users. The scheduler protects the controller and the normal users under DoS attacks by running a weighted Round-Robin algorithm to process flow requests in different priority queues. We evaluate the performance and overhead of BWManager in both hardware and software OpenFlow environments. The results demonstrate that BWManager is effective with a limited overhead.

Original language	English (US)
Article number	8480449
Pages (from-to)	1235-1248
Number of pages	14
Journal	IEEE Transactions on Network and Service Management
Volume	15
Issue number	4
DOIs	https://doi.org/10.1109/TNSM.2018.2873639
State	Published - Dec 2018

Bibliographical note

Funding Information:
Manuscript received April 14, 2018; revised July 30, 2018 and September 22, 2018; accepted September 28, 2018. Date of publication October 3, 2018; date of current version December 10, 2018. This work is partly supported by the National Key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101) and the National Natural Science Fund for Creative Research Groups Project(No.61521003). The associate editor coordinating the review of this paper and approving it for publication was S. Scott-Hayward. (Corresponding author: Zehua Guo.) T. Wang and H. Chen are with National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, China.

Publisher Copyright:
© 2004-2012 IEEE.

Keywords

DoS attacks
OpenFlow
SDN
controller scheduling method
priority queue
time slice allocation

Access

10.1109/TNSM.2018.2873639

OpenUrl availability

Full text

Cite this

@article{9341a8dba3e94fc99933fddb41144f95,

title = "BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction",

abstract = "Software-defined networking (SDN) has emerged as a new networking paradigm that can provide fine-grained network management service. Since the SDN controller makes control decision for the network, it becomes the main target of denial of service (DoS) attacks. In this paper, we propose BWManager to mitigate.. which mainly consists mitigate the DoS attacks on the SDN controller with BWManager that mainly consists of four key components: 1) simplified DoS detection module; 2) forecasting engine; 3) priority manager; and 4) scheduler. The simplified DoS detection module calculates a comprehensive judgment score for each switch, which indicates the attacking severity of each switch and is used to decide time slice allocation of the controller. The forecasting engine is the basis of the controller scheduling method and forecasts the bandwidth consumption of users to determine the users' trust values. The trust values are used by the priority manager to manage multiple buffer queues with different priorities for the users. The scheduler protects the controller and the normal users under DoS attacks by running a weighted Round-Robin algorithm to process flow requests in different priority queues. We evaluate the performance and overhead of BWManager in both hardware and software OpenFlow environments. The results demonstrate that BWManager is effective with a limited overhead.",

keywords = "DoS attacks, OpenFlow, SDN, controller scheduling method, priority queue, time slice allocation",

author = "Tao Wang and Zehua Guo and Hongchang Chen and Wei Liu",

note = "Funding Information: Manuscript received April 14, 2018; revised July 30, 2018 and September 22, 2018; accepted September 28, 2018. Date of publication October 3, 2018; date of current version December 10, 2018. This work is partly supported by the National Key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101) and the National Natural Science Fund for Creative Research Groups Project(No.61521003). The associate editor coordinating the review of this paper and approving it for publication was S. Scott-Hayward. (Corresponding author: Zehua Guo.) T. Wang and H. Chen are with National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, China. Publisher Copyright: {\textcopyright} 2004-2012 IEEE.",

year = "2018",

month = dec,

doi = "10.1109/TNSM.2018.2873639",

language = "English (US)",

volume = "15",

pages = "1235--1248",

journal = "IEEE Transactions on Network and Service Management",

issn = "1932-4537",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - BWManager

T2 - Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction

AU - Wang, Tao

AU - Guo, Zehua

AU - Chen, Hongchang

AU - Liu, Wei

N1 - Funding Information: Manuscript received April 14, 2018; revised July 30, 2018 and September 22, 2018; accepted September 28, 2018. Date of publication October 3, 2018; date of current version December 10, 2018. This work is partly supported by the National Key Research and Development Program of China (No.2016YFB0800100, 2016YFB0800101) and the National Natural Science Fund for Creative Research Groups Project(No.61521003). The associate editor coordinating the review of this paper and approving it for publication was S. Scott-Hayward. (Corresponding author: Zehua Guo.) T. Wang and H. Chen are with National Digital Switching System Engineering and Technological Research Center, Zhengzhou 450002, China. Publisher Copyright: © 2004-2012 IEEE.

PY - 2018/12

Y1 - 2018/12

N2 - Software-defined networking (SDN) has emerged as a new networking paradigm that can provide fine-grained network management service. Since the SDN controller makes control decision for the network, it becomes the main target of denial of service (DoS) attacks. In this paper, we propose BWManager to mitigate.. which mainly consists mitigate the DoS attacks on the SDN controller with BWManager that mainly consists of four key components: 1) simplified DoS detection module; 2) forecasting engine; 3) priority manager; and 4) scheduler. The simplified DoS detection module calculates a comprehensive judgment score for each switch, which indicates the attacking severity of each switch and is used to decide time slice allocation of the controller. The forecasting engine is the basis of the controller scheduling method and forecasts the bandwidth consumption of users to determine the users' trust values. The trust values are used by the priority manager to manage multiple buffer queues with different priorities for the users. The scheduler protects the controller and the normal users under DoS attacks by running a weighted Round-Robin algorithm to process flow requests in different priority queues. We evaluate the performance and overhead of BWManager in both hardware and software OpenFlow environments. The results demonstrate that BWManager is effective with a limited overhead.

AB - Software-defined networking (SDN) has emerged as a new networking paradigm that can provide fine-grained network management service. Since the SDN controller makes control decision for the network, it becomes the main target of denial of service (DoS) attacks. In this paper, we propose BWManager to mitigate.. which mainly consists mitigate the DoS attacks on the SDN controller with BWManager that mainly consists of four key components: 1) simplified DoS detection module; 2) forecasting engine; 3) priority manager; and 4) scheduler. The simplified DoS detection module calculates a comprehensive judgment score for each switch, which indicates the attacking severity of each switch and is used to decide time slice allocation of the controller. The forecasting engine is the basis of the controller scheduling method and forecasts the bandwidth consumption of users to determine the users' trust values. The trust values are used by the priority manager to manage multiple buffer queues with different priorities for the users. The scheduler protects the controller and the normal users under DoS attacks by running a weighted Round-Robin algorithm to process flow requests in different priority queues. We evaluate the performance and overhead of BWManager in both hardware and software OpenFlow environments. The results demonstrate that BWManager is effective with a limited overhead.

KW - DoS attacks

KW - OpenFlow

KW - SDN

KW - controller scheduling method

KW - priority queue

KW - time slice allocation

UR - http://www.scopus.com/inward/record.url?scp=85059072341&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85059072341&partnerID=8YFLogxK

U2 - 10.1109/TNSM.2018.2873639

DO - 10.1109/TNSM.2018.2873639

M3 - Article

AN - SCOPUS:85059072341

SN - 1932-4537

VL - 15

SP - 1235

EP - 1248

JO - IEEE Transactions on Network and Service Management

JF - IEEE Transactions on Network and Service Management

IS - 4

M1 - 8480449

ER -

BWManager: Mitigating Denial of Service Attacks in Software-Defined Networks Through Bandwidth Prediction

Abstract

Bibliographical note

Keywords

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this