This paper proposes a study on systems for the detection and prevention of Denial-of-Service attacks (DoS) in Software-Defined Network (SDN) architectures. After a survey of the characteristics of SDN and DoS attacks, we introduce a system based on several components and the sFlow protocol to detect and react to different types of attacks, both from single and distributed sources. The considered attacks include all the main flooding techniques, besides the slowris approach. Finally, an experimental example of an attack on a SDN controller is presented to highlight the interaction between the components and evaluate their timely mitigation effects against the threat.
An Evaluation of Systems for Detection andPrevention of DoS Attacks in SDN Networks
D'Arienzo, Maurizio
2024
Abstract
This paper proposes a study on systems for the detection and prevention of Denial-of-Service attacks (DoS) in Software-Defined Network (SDN) architectures. After a survey of the characteristics of SDN and DoS attacks, we introduce a system based on several components and the sFlow protocol to detect and react to different types of attacks, both from single and distributed sources. The considered attacks include all the main flooding techniques, besides the slowris approach. Finally, an experimental example of an attack on a SDN controller is presented to highlight the interaction between the components and evaluate their timely mitigation effects against the threat.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.