Scopus İndeksli Yayınlar Koleksiyonu

Permanent URI for this collectionhttps://gcris.khas.edu.tr/handle/20.500.12469/1248

Browse

Browsing Scopus İndeksli Yayınlar Koleksiyonu by Department "Enstitüler, Lisansüstü Eğitim Enstitüsü, Yönetim Bilişim Sistemleri Ana Bilim Dalı"

Filter results by typing the first few letters
Now showing 1 - 1 of 1
  • Thumbnail Image
    Article
    Citation Count: 5
    Protecting openflow switches against denial of service attacks
    (Institute of Electrical and Electronics Engineers Inc., 2018) Dağ, Hasan; ElDessouky, Ebada Mohamed Essam Eldin Ibrahim; Dağ, Hasan
    This paper presents a novel approach to protect Openflow switches against a type of Denial of Service (DoS) attacks. Openflow switches are the core of Software Defined Networks (SDN) and they are very flexible programmable and can be used for several functionalities within a network. As the control algorithm of the switch is implemented on a separate computer (Controller) this software can be implemented on any part of the network packet including Layers 2 3 and 4 headers. Therefore an Openflow switch can work as a conventional switch a router or a firewall. The open design of Openflow makes it vulnerable to several types of DoS attacks. One of those attacks is to overwhelm the switch flow table with entities larger than its buffer making legitimate packets unable to traverse the switch. The proposed approach depends on a Sandbox like model where a second switch and controller is implemented and all new packets with no matching rules are forwarded to the Sandbox. The Sandbox clone is monitored and controlled so a forwarding rule is always created on the Sandbox switch and transferred only to the working switch when it is classified as a normal rule. Otherwise a cleanup operation is executed periodically on the sandbox switch to remove malicious rules. Rules are classified based on the statistics entries already existing in Openflow switches flow table. The proposed approach is simple and does not need any extra memory or modifications in the switches. It is proven to mitigate this type of DoS attacks. © 2017 IEEE.