Leveraging SDN for Efficient Anomaly Detection and Mitigation on Legacy Networks

Bibliographic Details
Published in European Workshop on Software Defined Networking (Print) pp. 85 - 90
Main Authors Giotis, Kostas; Androulidakis, Georgios; Maglaris, Vasilis
Format Conference Proceeding
Language English
Published IEEE 01.09.2014
ISSN 2379-0350
DOI 10.1109/EWSDN.2014.24

Summary: In this paper, we investigate the applicability of Software-Defined Networking (SDN), and specifically the use of the OpenFlow protocol as a means to enhance the legacy Remote Triggered Black-Hole (RTBH) routing approach, towards Distributed Denial of Service (DDoS) attack mitigation. More specifically, we exploit the network programmability of OpenFlow to match and handle traffic on a per-flow level, in order to preserve normal operation of the victim, while pushing the mitigation process upstream towards the edge of the network. To this end, we implemented and evaluated a sketch-based anomaly detection and identification mechanism, capable of pinpointing the victim and remotely triggering the mitigation of the offending network traffic. The evaluation is based on the combination of datasets containing real DDoS attacks and normal background traffic from an operational university campus network. Our results demonstrated that the proposed approach succeeds in identifying the victim of the attack and efficiently filtering the malicious sources.