Conference paper Open Access

SDN-based Dynamic and Adaptive Policy Management System to Mitigate DDoS Attacks

Sahay, Rishikesh; Blanc, Gregory; Zhang, Zonghua; Toumi, Khalifa; Debar, Hervé

This paper presents a dynamic policy enforcement mechanism that allows ISPs to specify security policies to mitigate the impact of network attacks by taking into account the specific requirements of their customers. The proposed policy-based management framework leverages the recent Software-Defined Networking (SDN) technology to provide a centralized platform that allows network administrators to define global network and security policies, which are then enforced directly on the OpenFlow switches. One of the major objectives of such a framework is to achieve fine-grained and automated attack mitigation in the ISP network, ultimately reducing the impact of attacks and the collateral damage to the customer networks. To evaluate the feasibility and effectiveness of the framework, we develop a prototype that serves one ISP and three customers. The experimental results demonstrate that our framework can successfully reduce the collateral damage on a customer network caused by the attack traffic targeting another customer network. More interestingly, the framework can provide rapid response and mitigate the attack in a very short time.

Files (464.7 kB)
IMT_XDOM0-2017_accepted_paper.pdf (464.7 kB)
md5:0218a8c55e7fb2b4384345269b5a2d38