Advanced search
Start date
Betweenand
(Reference retrieved automatically from Web of Science through information on FAPESP grant and its corresponding number as mentioned in the publication by the authors.)

Slow denial-of-service attacks on software defined networks

Full text
Author(s):
Pascoal, Tulio A. [1, 2] ; Fonseca, Iguatemi E. [3] ; Nigam, Vivek [3, 4]
Total Authors: 3
Affiliation:
[1] Univ Luxembourg, Interdisciplinary Ctr Secur Reliabil & Trust SnT, Luxembourg - Luxembourg
[2] Univ Paraiba, Joao Pessoa, Paraiba - Brazil
[3] Univ Fed Paraiba, Informat Ctr, Joao Pessoa, Paraiba - Brazil
[4] Fortiss GmbH, Munich - Germany
Total Affiliations: 4
Document type: Journal article
Source: Computer Networks; v. 173, MAY 22 2020.
Web of Science Citations: 0
Abstract

Software Defined Networking (SDN) is a network paradigm that decouples the network's control plane, delegated to the SDN controller, from the data plane, delegated to SDN switches. For increased efficiency, SDN switches use a high-performance Ternary Content-Addressable memory (TCAM) to install rules. However, due to the TCAM's high cost and power consumption, switches have a limited amount of TCAM memory. Consequently, a limited number of rules can be installed. This limitation has been exploited to carry out Distributed Denial of Service (DDoS) attacks, such as Saturation attacks, that generate large amounts of traffic. Inspired by slow application layer DDoS attacks, this paper presents and investigates DDoS attacks on SDN that do not require large amounts of traffic, thus bypassing existing defenses that are triggered by traffic volume. In particular, we offer two slow attacks on SDN. The first attack, called Slow TCAM Exhaustion attack (SlowTCAM), is able to consume all SDN switch's TCAM memory by forcing the installation of new forwarding rules and maintaining them indeterminately active, thus disallowing new rules to be installed to serve legitimate clients. The second attack, called Slow Saturation attack, combines Slow-TCAM attack with a lower rate instance of the Saturation attack. A Slow Saturation attack is capable of denying service using a fraction of the traffic of typical Saturation attacks. Moreover, the Slow Saturation attack can also impact installed legitimate rules, thus causing a greater impact than the Slow-TCAM attack. In addition, it also affects the availability of other network's components, e.g., switches, even the ones not being directly targeted by the attack, as has been proven by our experiments. We propose a number of variations of these attacks and demonstrate their effectiveness by means of an extensive experimental evaluation. The Slow-TCAM is able to deny service to legitimate clients requiring only 38 s and sending less than 40 packets per second without abruptly changing network resources, such as CPU and memory. Moreover, besides denying service as a Slow-TCAM attack, the Slow Saturation attack can also disrupt multiple SDN switches (not only the targeted ones) by sending a lower-rate traffic when compared to current known Saturation attacks. (AU)

FAPESP's process: 15/24516-1 - SecureSDN -- mitigating DDoS attacks in software defined networks
Grantee:Iguatemi Eduardo da Fonseca
Support Opportunities: Regular Research Grants