Smart City Gnosys
Smart city article details
| Title | Cfadefense: A Security Solution To Detect And Mitigate Crossfire Attacks In Software-Defined Iot-Edge Infrastructure |
|---|---|
| ID_Doc | 13580 |
| Authors | Rafique W.; He X.; Liu Z.; Sun Y.; Dou W. |
| Year | 2019 |
| Published | Proceedings - 21st IEEE International Conference on High Performance Computing and Communications, 17th IEEE International Conference on Smart City and 5th IEEE International Conference on Data Science and Systems, HPCC/SmartCity/DSS 2019 |
| DOI | http://dx.doi.org/10.1109/HPCC/SmartCity/DSS.2019.00080 |
| Abstract | Managing the Internet of Things (IoT) infrastructure has become a critical challenge due to an enormous increase in the connected devices and the lack of available security solutions. Software-Defined Networking (SDN) has been extensively involved in network infrastructure management. Moreover, numerous recent studies demonstrate the use of SDN for managing IoT networks. In SDN, policy consistency and security of the data plane is maintained through Waypoint Enforcement (WPE) which ensures that the traffic traverses policy nodes/switches to implement high-level network requirements. Previous studies on SDN primarily secure SDN infrastructure against traditional Distributed Denial of Service (DDoS) attacks. However, we investigate Crossfire Attack (CFA), which is a novel DDoS attack capable of interrupting communication of data plane switches using low-rate legitimate traffic. CFA has the potential to isolate policy switch from the rest of the data plane devices which introduces many security anomalies and routing inconsistencies. We first demonstrate how CFA is lethal on policy switch attacks and then present the design and implementation of a novel CFA countermeasure called CFADefense, which employs link selection, attack detection, and malicious flows interception modules. CFADefense has been developed as an application at the application layer of the open-source Floodlight controller. Our evaluation demonstrates that CFADefense accurately detects and efficiently mitigates CFA and poses minimal overhead on the controller in dealing with this attack. © 2019 IEEE. |
| Author Keywords | crossfire attack; edge computing; IoT; policy consistency; SDN; waypoint enforcement |
Similar Articles
| Id | Similarity | Authors | Title | Published |
|---|---|---|---|---|
5530  | 0.868 | Dantas Silva F.S.; Silva E.; Neto E.P.; Lemos M.; Venancio Neto A.J.; Esposito F. | A Taxonomy Of Ddos Attack Mitigation Approaches Featured By Sdn Technologies In Iot Scenarios | Sensors (Switzerland), 20, 11 (2020) |
| 61396 | 0.863 | Snehi M.; Bhandari A. | Vulnerability Retrospection Of Security Solutions For Software-Defined Cyber-Physical System Against Ddos And Iot-Ddos Attacks | Computer Science Review, 40 (2021) |
| 8971 | 0.858 | Binu P.K.; Mohan D.; Sreerag Haridas E.M. | An Sdn-Based Prototype For Dynamic Detection And Mitigation Of Dos Attacks In Iot | Proceedings of the 3rd International Conference on Inventive Research in Computing Applications, ICIRCA 2021 (2021) |
| 4457 | 0.857 | Alshahrani M.M. | A Secure And Intelligent Software-Defined Networking Framework For Future Smart Cities To Prevent Ddos Attack | Applied Sciences (Switzerland), 13, 17 (2023) |
| 3259 | 0.853 | Sri vidhya G.; Nagarajan R. | A Novel Bidirectional Lstm Model For Network Intrusion Detection In Sdn-Iot Network | Computing, 106, 8 (2024) |