TY - GEN
T1 - SDN-based network security functions for effective DDoS attack mitigation
AU - Hyun, Daeyoung
AU - Kim, Jinyoug
AU - Hong, Dongjin
AU - Jeong, Jaehoon
N1 - Publisher Copyright: © 2017 IEEE.
PY - 2017/12/12
Y1 - 2017/12/12
N2 - Distributed Denial of Service (DDoS) attacks have been raising serious security concerns for banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of the Internet of Things (IoT) raises new concerns about smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on an SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection of suspicious packets, we developed a threshold-based method that provides a client with efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on the NETCONF protocol [1] and the YANG Data Model [2].
AB - Distributed Denial of Service (DDoS) attacks have been raising serious security concerns for banks, finance incorporation, public institutions, and data centers. Also, the emerging wave of the Internet of Things (IoT) raises new concerns about smart devices. Software Defined Networking (SDN) and Network Functions Virtualization (NFV) have provided a new paradigm for network security. In this paper, we propose a new method to efficiently prevent DDoS attacks, based on an SDN/NFV framework. To resolve the problem that normal packets are blocked due to the inspection of suspicious packets, we developed a threshold-based method that provides a client with efficient, fast DDoS attack mitigation. In addition, we use open source code to develop the security functions in order to implement our solution for SDN-based network security functions. The source code is based on the NETCONF protocol [1] and the YANG Data Model [2].
KW - Distributed Denial of Service
KW - Netconf & YANG
KW - Network Function Virtual
KW - Software Defined Network
KW - Suricata
UR - https://www.scopus.com/pages/publications/85046894625
U2 - 10.1109/ICTC.2017.8190794
DO - 10.1109/ICTC.2017.8190794
M3 - Conference contribution
AN - SCOPUS:85046894625
T3 - International Conference on Information and Communication Technology Convergence: ICT Convergence Technologies Leading the Fourth Industrial Revolution, ICTC 2017
SP - 834
EP - 839
BT - International Conference on Information and Communication Technology Convergence
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 8th International Conference on Information and Communication Technology Convergence, ICTC 2017
Y2 - 18 October 2017 through 20 October 2017
ER -