VFence: A Defense against Distributed Denial of Service Attacks Using Network Function Virtualization

Bibliographic Details
Main Authors: Jakaria, A. H. M., Wei Yang, Rashidi, Bahman, Fung, Carol, Rahman, M. Ashiqur
Format: Conference Proceeding
Language: English
Subjects:
Description
Summary: With the exponential growth of the Internet use, cyber-threats are emerging rapidly. Distributed Denial of Service (DDoS) attack is one of the most common but damaging kinds of cyberattacks. A DDoS attack to a server typically prevents clients from receiving service by making the server overwhelmed with many invalid service requests. It is always a challenging problem to protect a system from DDoS attacks as it is not trivial to distinguish between an attack packet and a legitimate one. In this work, we have proposed VFence -- a defense mechanism against DDoS attack that leverages the capability of the Network Function Virtualization (NFV) architecture. NFV is the technology of virtualizing network functions in virtual machines on commodity servers and it allows a flexible and dynamic implementation of the network functions. Our proposed mechanism uses network agents to intercept packets when the system is potentially under attack, to verify their authenticity, and to keep the server safe by dropping illegitimate packets. Since the attack intensity often varies, our NFV-based defense framework deploys agents dynamically to balance the attack load. Our simulation results demonstrate that the mechanism can successfully defeat the DDoS attacks by having all legitimate requests served, and the increase in the server's response time is insignificant compared to that of a successful DDoS attack.
ISSN: 0730-3157
DOI: 10.1109/COMPSAC.2016.219