A DoS attack mitigation strategy for software defined networks using Frenetic

Abstract

Despite efforts to improve its robustness, the Internet still has important vulnerabilities that can be easily exploited. Denial-of-Service (DoS) attacks are a good example; this kind of attack has the potential to bring down large portions of the Internet by overwhelming the network with a huge amount of useless traffic. One of the possibilities to increase network robustness is a software defined networking (SDN) approach. This type of networking has a logically centralized controller that contains information about the state of the entire network, allowing it to make better decisions than when the network state is distributed between all the switches. In this type of network, is easier for the network manager to detect and mitigate an attack. This thesis presents a DoS mitigation technique that detects and stops such attacks on hosts providing services on a software defined network. Protection of the network infrastructure itself is not targeted by our approach. This mitigation technique was implemented using Frenetic, a domain specific programming language that allows easy programming of the switches using the OpenFlow protocol. It was tested using Mininet, a widely known network emulator for SDN, and several combinations of traffic and network size were used. The strategy presented in this thesis manages to deal with all the different configurations with a reaction time lower than other approaches targeting the same problem.