Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack

Penulis Muhammad Nugraha , Isyana Paramita , Ardiansyah Musa , Deokjai Choi , Buseung Cho
Publisher Journal of Korea Multimedia Society
Nomor DOI http://dx.doi.org/10.9717/kmms.2014.17.8.988


Software Defined Network (SDN) is a new technology in computer network area which enables user to centralize control plane. The security issue is important in computer network to protect system from attackers. SYN flooding attack is one of Distributed Denial of Service attack methods which are popular to degrade availability of targeted service on Internet. There are many methods to protect system from attackers, i.e. firewall and IDS. Even though firewall is designed to protect network system, but it cannot mitigate DDoS attack well because it is not designed to do so. To improve performance of DDOS mitigation we utilize another mechanism by using SDN technology such as OpenFlow and sFlow. The methodology of sFlow to detect attacker is by capturing and sum cumulative traffic from each agent to send to sFlow collector to analyze. When sFlow collector detect some traffics as attacker, OpenFlow controller will modify the rule in OpenFlow table to mitigate attacks by blocking attack traffic. Hence, by combining sum cumulative traffic use sFlow and blocking traffic use OpenFlow we can detect and mitigate SYN flooding attack quickly and cheaply.

Teks Lengkap:



C.N. Maregeli, A Study On TCP-SYN Attacks And Their Effects on A Network Infrastructure, Master’s Thesis of Delft University of Technology, 2010.

Transmission Control Protocol, http://www.ietf.org/rfc/rfc793.txt. (Accessed May, 20, 2014)

TCP Three-way Handshake, http://www.georgecoding.com/index.php/tcpdump-and-3-way-handshake/ (Accessed May, 20, 2014).

TCP SYN Flooding Attack Process, http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept /denial-of-service-network-syn-flood-attack-understanding.html (Accessed May, 20, 2014).

SYN Flooding Defense Mechanism in Traditional Network, http://www.tech- mavens.com/synflood.htm (Accessed May, 20, 2014).

R. Braga, M. Edjard, and A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX/ OpenFlow,” Proceeding of 35th Annual IEEE Conference on Local Computer Networks, pp 408-415, 2010.

sFlow Version 5, http://sflow.org/sflow_version_5.txt (Accessed May, 20, 2014).

Jun-Sang Park, Sung-Yun Kim, Dai-Hee Park, and Myung-Sup Kim, “Design and Implementation of an SNMP-based Traffic Flooding Attack Detection System”, The Korea Information Processing Society Transactions, 1598-2858, prep, pp, 2009. https://doi.org/10.3745/KIPSTC.2009.16-C.1.13

Tu Xu, Da Ke He, and Yu Zheng, “Detectiong DDoS Attack based on One-Way Connection Density,” Proceeding of 10th IEEE Singapore International Conference on Communication Systems, pp. 1-5, 2006.

H. Wang, D. Zhang, and K.G. Shin, “Detecting SYN Flooding Attacks,” Proceeding of Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies, pp. 1530-1539, 2002.

sFlow Sampling Rate, http://blog.sflow.com/2009/06/sampling-rates.html (Accessed May, 20, 2014).

Hot Spares for DoS attacks, http://static.usenix.org/publications/login/2000-7/apropos.html (Accessed May. 20, 2014).