DaMask: Cloud DDoS Defense Mechanism Using Software Defined Networking

Similar documents

DDoS Attack Protection in the Era of Cloud Computing and Software-Defined Networking

Vulnerability Management

The High Availability and Resiliency of the Pertino Cloud Network Engine

Future of DDoS Attacks Mitigation in Software Defined Networks

Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures Sungmin Hong, Lei Xu, Haopei Wang, Guofei Gu

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

F5 BIG DDoS Umbrella. Configuration Guide

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Towards Autonomic DDoS Mitigation using Software Defined Networking

PRIVACY-PRESERVING PUBLIC AUDITING FOR SECURE CLOUD STORAGE

GENI Laboratory Exercises for a Cloud Computing course

DoS: Attack and Defense

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

SDP Hackathon #4 Analysis & Report

How the emergence of OpenFlow and SDN will change the networking landscape

DESIGN AND ANALYSIS OF TECHNIQUES FOR MAPPING VIRTUAL NETWORKS TO SOFTWARE- DEFINED NETWORK SUBSTRATES

Boosting Business Agility through Software-defined Networking

MPLS/SDN Intersections Next Generation Access Networks. Anthony Magee Advanced Technology ADVA Optical Networking MPLS & Ethernet World Congress 2013

Enhanced Unified Communication QoE through Software-defined networking (SDN)

An Elastic and Adaptive Anti-DDoS Architecture Based on Big Data Analysis and SDN for Operators

The Distributed Cloud: Automating, Scaling, Securing & Orchestrating the Edge

How To Ensure Correctness Of Data In The Cloud

A Hybrid Electrical and Optical Networking Topology of Data Center for Big Data Network

ADVANCE SECURITY TO CLOUD DATA STORAGE

CONTENT DELIVERY NETWORKS

DYNAMIC CLOUD PROVISIONING FOR SCIENTIFIC GRID WORKFLOWS

Network functions virtualization and software management

Philosophy of GIMnet

Near Sheltered and Loyal storage Space Navigating in Cloud

Business Cases for Brocade Software-Defined Networking Use Cases

Designing Virtual Network Security Architectures Dave Shackleford

DDoS Protection Technology White Paper

Prevention, Detection, Mitigation

Software defined networking. Your path to an agile hybrid cloud network

Cloud Computing, Software Defined Networking, Network Function Virtualization

Network Virtualization

Cloud Computing for Agent-based Traffic Management Systems

Requirements for Security Services based on Software-Defined Networking draft-jeong-i2nsf-sdn-security-services-00

Network Security Demonstration - Snort based IDS Integration -

Software Defined Networking - a new approach to network design and operation. Paul Horrocks Pre-Sales Strategist 8 th November 2012

How the Emergence of OpenFlow and SDN will Change the Networking Landscape

Juniper Solutions for Turnkey, Managed Cloud Services

Dual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor

A Survey on Security Issues in Service Delivery Models of Cloud Computing

End-to-end Secure Cloud Services a Pertino whitepaper

End-to-End Secure Cloud Services. Pertino Perspective

Epic :: MANAGING YOUR AGENCY :: DRIVE YOUR BUSINESS SUCCESS

Protecting your SQL database with Hybrid Cloud Backup and Recovery. Session Code CL02

SDN and NFV in the WAN

Security Challenges & Opportunities in Software Defined Networks (SDN)

Outline. Institute of Computer and Communication Network Engineering. Institute of Computer and Communication Network Engineering

Private Vs Public Cloud

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Huawei Agile Network FAQ What is an agile network? What is the relationship between an agile network and SDN?... 2

ABSTRACT: [Type text] Page 2109

Leveraging SDN and NFV in the WAN

Panel: The Future of Datacenter Networking Software-Defined Networking (SDN) for Datacenter Interconnect and Cloud Computing

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

View Point. Performance Monitoring in Cloud. Abstract. - Vineetha V

N TH THIRD PARTY AUDITING FOR DATA INTEGRITY IN CLOUD. R.K.Ramesh 1, P.Vinoth Kumar 2 and R.Jegadeesan 3 ABSTRACT

Solid State Drive Architecture

A Software-Defined WAN Is a Business Imperative

Accurate Anomaly Detection using Adaptive Monitoring and Fast Switching in SDN

A NOVEL APPROACH FOR MULTI-KEYWORD SEARCH WITH ANONYMOUS ID ASSIGNMENT OVER ENCRYPTED CLOUD DATA

Software-Defined Networking: A Service Provider s Perspective draft-sin-sdnrg-sdn-approach

Sharing Of Multi Owner Data in Dynamic Groups Securely In Cloud Environment

Copyright Soleran, Inc. esalestrack On-Demand CRM. Trademarks and all rights reserved. esalestrack is a Soleran product Privacy Statement

IDG Connect DDoS Survey

IMPLEMENTATION CONCEPT FOR ADVANCED CLIENT REPUDIATION DIVERGE AUDITOR IN PUBLIC CLOUD

Research Topics on Information-Centric Networking: Caching, Routing and Virtualization

VMware vcloud Networking and Security

Cryptographic Data Security over Cloud

Tufin Orchestration Suite

SDN Software Defined Networks

Cloud.. Migration? Bursting? Orchestration? Vincent Lavergne SED EMEA, South Gary Newe Sr SEM EMEA, UKISA

Abstraction of a failure free Software Defined Network (SDN Application)

Software Defined Networking to Improve Mobility Management Performance

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

Enhancing Data Security in Cloud Storage Auditing With Key Abstraction

Transcription:

Using Software Defined Networking Mortada Aman Department of Electrical & Computer Engineering Missouri University of Science and Technology maaf4d@mst.edu 24 March 2016 rev. 4 2016 Mortada Aman

Using Software Defined Networking Introduction Model Design Evaluation Conclusion 24 March 2016 Outline 2

Using Software Defined Networking Introduction Model Design Evaluation Conclusion 24 March 2016 Outline 3

Introduction Cloud Computing: provides remote data storage and computation for low cost Software Defined Networking (SDN): High-level network management The two can be combined to increase the security of Cloud Computing and defend against Distributed Denial of Service (DDoS) attacks 24 March 2016 Cloud Computing and SDN 4

Introduction Existing DDoS defense mechanism assume that the networks are fully controlled by the admins DaMask does not make this assumption since that it is not the case in most networks DaMask is a DDoS attack mitigation architecture using software-defined networking 24 March 2016 DaMask 5

Using Software Defined Networking Introduction Model Design Evaluation Conclusion 24 March 2016 Outline 6

Model Design This paper aims to achieve the following: Enhance the security and DDoS defense by combining cloud computing with SDN Propose a highly scalable and flexible DDoS attack mitigation architecture: DaMask Introduce a model update phase to detect new complex attacks (DaMask-D) Implement the structure and evaluate it using simulation on Amazon EC2 clouds 24 March 2016 Goals 7

Model Design DaMask analyzes the effectiveness of the defense mechanism on hybrid clouds Cloud computing properties: Cloud providers control the network Resource allocation and virtualization can be used to change the network topology All users share the same network infrastructure Cloud Computing Challenges: Public accessibility Dynamic network allocation 24 March 2016 Cloud Computing Properties 8

Model Design 24 March 2016 Cloud Structure 9

Model Design SDN separates the control plane from the data plane and allows the network control (application) to take over the control plane SDN important properties: Centralized network control Simplified packet forward Software based network function implementation Virtualized networks 24 March 2016 SDN 10

Model Design Model design s requirements: Effective: Virtualization and slicing Small overhead: reduce communication overhead while speeding up detection Inexpensive: fast re-configuration scheme to avoid disruption DaMask consists of two modules: DaMask-D: Anamoly-based detection system DaMask-M: Attack reaction system 24 March 2016 Architecture 11

Model Design 24 March 2016 Workflow 12

Using Software Defined Networking Introduction Model Design Evaluation Conclusion 24 March 2016 Outline 13

Setup 24 March 2016 Cloud Topology 14

Using Software Defined Networking Overhead Computation Cost: 3 aspects: Offline training process Online testing process Model updating process: local and global Local update is cheaper than global Communication: only related to round trip time between clouds (constant overhead) Overall relatively small Topology change: DaMask can adapt to topology changes caused by virtualization 24 March 2016 Evaluation 15

Using Software Defined Networking 24 March 2016 Communication Overhead 16

Using Software Defined Networking Detection Data shift Solution: three kinds of updates are introduced: basic, local, and global Accuracy: Table 2 for basic, local, and global 24 March 2016 Detection Accuracy 17

Using Software Defined Networking Introduction Model Design Evaluation Conclusion 24 March 2016 Outline 18

Using Software Defined Networking DaMask is a defense mechanism that utilizes SDN to protect a hybrid cloud from DDoS attacks It updates automatically to adapt to new attacks It introduces three kinds of updates depending on need Adapts to topology change Relatively low overhead High detection rate 24 March 2016 Conclusion 19

Using Software Defined Networking Good paper overall They did not explain some of the features clearly (such as basic, local, and global updates) In general, the scheme seems promising 24 March 2016 Thoughts 20

References and Further Reading [WZL+2015] Bing Wang, Yao Zheng, Wenjing Lou, and Y. Thomas Hou, DDoS attack protection in the era of cloud computing and Software-Defined Networking, Computer Networks, Volume 81, pp. 308 319, April 2015 24 March 2016 References 21

End of Foils 24 March 2016 End 22