Scribd Logo
Upload

Welcome to Scribd!

  • 30 views

    18i 1467 (Cyber) PDF

    Uploaded by

    Malikijazriaz
    This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    18i 1467 (Cyber) PDF

    Uploaded by

    Malikijazriaz
    30 views9 pages
    This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

    Original Description:

    tu le le

    Original Title

    18i-1467(cyber).pdf

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    30 views9 pages

    18i 1467 (Cyber) PDF

    Uploaded by

    Malikijazriaz
    This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 9

    DDoS Attacks Detection and

    Prevention mechanisms in SDN


    Mohib Ullah
    MS-CNS 18i-1467
    Research Methodology
    SDN(Software Define Network)
     Application Layer
     Control Layer
     Infrastructure Layer

    2
    3
    DDoS Attacks on SDN
     Volumetric Attacks
     Congest network by flooding e.g., UDP reflection attacks
     Create congestion by consuming all available bandwidth
     State-exhaustion Attacks
     Types of protocol abuse e.g., TCP SYN flood
     Application layer Attacks
     Consume application resources e.g., HTTP GET, DNS query Floods

    4
    LITERATURE REVIEW
    REF # Techniques Used Benefits/Results Limitations

    [1] STRIDE Threat model Design a secure application for an SDN against but it causes delays for
    DDOS attack. most users

    ArOMA can systematically bridge between ISP


    and Customers. Outside domain ISP can deploy Quality of Services is
    [2] ArOMA
    policies to mitigate the attacks degraded

    Overhead imposed on
    OpenFlow protocol can effectively mitigate it via
    [3] entropy-based method usage of system
    flow table modifications.
    resources
    Ref
    Approach Efficiency Overhead Scalability Cost
    .

    [1] STRIDE Threat model NO YES YES YES

    [2] AroMA YES NO YES YES

    entropy-based
    [3] YES NO NO NO
    method

    7
    References
     [1]Jantila, Saksit, and Kornchawal Chaipah. "A security analysis of a hybrid
    mechanism to defend DDoS attacks in SDN." Procedia Computer Science 86
    (2016): 437-440.
     [2]Sahay, Rishikesh, et al. "ArOMA: An SDN based autonomic DDoS
    mitigation framework." Computers & Security 70 (2017): 482-499.
     [3]Giotis, Kostas, et al. "Combining OpenFlow and sFlow for an effective
    and scalable anomaly detection and mitigation mechanism on SDN
    environments." Computer Networks 62 (2014): 122-136.

    8
    9

    You might also like