Cargando…
DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking
The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaus...
| Autores principales: | , , , , , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2023
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10302971/ https://www.ncbi.nlm.nih.gov/pubmed/37420592 http://dx.doi.org/10.3390/s23125426 |
| _version_ | 1785065168679469056 |
|---|---|
| author | Wang, Dongbin Zhao, Yu Zhi, Hui Wu, Dongzhe Zhuo, Weihan Lu, Yueming Zhang, Xu |
| author_facet | Wang, Dongbin Zhao, Yu Zhi, Hui Wu, Dongzhe Zhuo, Weihan Lu, Yueming Zhang, Xu |
| author_sort | Wang, Dongbin |
| collection | PubMed |
| description | The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaust the resources of the control plane and overload the infrastructure of SDN networks. To mitigate TCP DoS attacks, DoSDefender is proposed as an efficient kernel-mode TCP DoS prevention framework in the data plane for SDN. It can prevent TCP DoS attacks from entering SDN by verifying the validity of the attempts to establish a TCP connection from the source, migrating the connection, and relaying the packets between the source and the destination in kernel space. DoSDefender conforms to the de facto standard SDN protocol, the OpenFlow policy, which requires no additional devices and no modifications in the control plane. Experimental results show that DoSDefender can effectively prevent TCP DoS attacks in low computing consumption while maintaining low connection delay and high packet forwarding throughput. |
| format | Online Article Text |
| id | pubmed-10302971 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2023 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-103029712023-06-29 DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking Wang, Dongbin Zhao, Yu Zhi, Hui Wu, Dongzhe Zhuo, Weihan Lu, Yueming Zhang, Xu Sensors (Basel) Article The limited computation resource of the centralized controller and communication bandwidth between the control and data planes become the bottleneck in forwarding the packets in Software-Defined Networking (SDN). Denial of Service (DoS) attacks based on Transmission Control Protocol (TCP) can exhaust the resources of the control plane and overload the infrastructure of SDN networks. To mitigate TCP DoS attacks, DoSDefender is proposed as an efficient kernel-mode TCP DoS prevention framework in the data plane for SDN. It can prevent TCP DoS attacks from entering SDN by verifying the validity of the attempts to establish a TCP connection from the source, migrating the connection, and relaying the packets between the source and the destination in kernel space. DoSDefender conforms to the de facto standard SDN protocol, the OpenFlow policy, which requires no additional devices and no modifications in the control plane. Experimental results show that DoSDefender can effectively prevent TCP DoS attacks in low computing consumption while maintaining low connection delay and high packet forwarding throughput. MDPI 2023-06-08 /pmc/articles/PMC10302971/ /pubmed/37420592 http://dx.doi.org/10.3390/s23125426 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Wang, Dongbin Zhao, Yu Zhi, Hui Wu, Dongzhe Zhuo, Weihan Lu, Yueming Zhang, Xu DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title_full | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title_fullStr | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title_full_unstemmed | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title_short | DoSDefender: A Kernel-Mode TCP DoS Prevention in Software-Defined Networking |
| title_sort | dosdefender: a kernel-mode tcp dos prevention in software-defined networking |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC10302971/ https://www.ncbi.nlm.nih.gov/pubmed/37420592 http://dx.doi.org/10.3390/s23125426 |
| work_keys_str_mv | AT wangdongbin dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT zhaoyu dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT zhihui dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT wudongzhe dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT zhuoweihan dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT luyueming dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking AT zhangxu dosdefenderakernelmodetcpdospreventioninsoftwaredefinednetworking |