Professional Documents
Culture Documents
fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
Abstract—Leveraging high-performance software-defined net- On the other hand, SDN enables the network to be automated
works (SDN) to manage industrial Internet of Things (IIoT) devices and centrally managed so that it can quickly configure IIoT de-
has become a promising trend, the SDN is expected to be the vices around the world. The inherent scalability of SDN allows
next generation as a unified and virtualized network platform that
provides unprecedented automation, flexibility, and efficiency. As for the rapid addition of new IIoT devices, and the dynamic
the core of business applications and sensitive data storage, the response system greatly reduces the risk of IIoT. In addition,
SDN is vulnerable to distributed denial-of-service (DDoS) attacks virtualization of SDN components enables dynamic reconfig-
in IIoT environment that numerous requests are sent to the SDN to uration of network devices and traffic, automatic bandwidth
interrupt its services. In the traditional defense systems, honeypots provisioning, and de-provisioning of bandwidth. Therefore, as
have shown great promises in resisting DDoS attacks. In this paper,
we reveal a new attack that can identify honeypots to invalidate IIoT traffic grows, high-traffic instantaneous bandwidth or traffic
their protection. In addition, we analyze the optimal strategies of involving health and security applications will be prioritized.
attackers, so that they can find the best time to carry on attacks. To
However, the centralized control of SDN puts the controller
protect SDN from such a kind of anti-honeypot attacks, we propose
a pseudo-honeypot game strategy with theoretical performance at risk of a single point of failure. First, the centralized control
guarantee. We prove several groups of Bayesian-Nash Equilibrium of the controller makes the controller easy to be the target of
(BNE) in the pseudo-honeypot game strategy. Moreover, we show attack. Once the attacker successfully implements the attack on
that these strategies can achieve the optimal equilibrium between the controller, it will cause a large area of network service and
legitimate users and attackers. The proposed honeypot strategies
affect the entire network coverage covered by the controller.
can provide dynamic protection for SDN. Hence, malicious attacks
under our strategies can be effectively controlled. Finally, we Second, the centralized control makes the controller vulnerable
evaluate our proposals on a testbed, and experimental results show to resource exhaustion attacks such as Distributed denial-of-
that our proposals can effectively resist DDoS attacks with lower service (DDoS). DDoS attacks injects a large number of packets
energy consumption compared with the existing methods. with forged source addresses into the SDN servers [2]. Since no
Index Terms—Industrial Internet of Things, Software-Defined matched rules can be found in local caches, switches forward
Networks, Distributed Denial of Service Attacks, Pseudo-Honeypot, these malicious packets to the network controller, which will
Anti-Honeypot, Game Theory. be congested to interrupt services. More seriously, once the
DDoS attack succeeds, it is likely that the attacked SDN
I. I NTRODUCTION server will be used as a puppet to further attack IIoT devices
OFTWARE-defined network (SDN) is an automatic and managed by SDN, resulting in huge industrial losses. In recent
S virtualized network with high flexibility, efficiency and
reliability. It carries the core business and stores confidential
years, IIoT environments have been targeted by hackers using
different approaches. For instance, Ukrainian power distribution
data of the users, while providing business interaction and system was subjected to cyber attacks, resulting in a continuous
data exchange for internal, external, and other customers [1]. blackout.
Therefore, SDN can effectively manage industrial Internet of Although many approaches (e.g., intrusion detection systems
Things (IIoT) devices, protect the data they generate, and (IDS), firewalls, and upstream filtering) have been proposed to
quickly analyze the data to provide the visibility that enterprises deal with DDoS attacks, honeypots show great advantages in
need. SDN provides a viable, cost-effective way to manage IIoT protection capability and resource occupation [3]. For example,
to maximize application and analytics performance. Due to the since an IDS may have to monitor a large number of network
explosive growth of IIoT and the chaotic nature of the public activities with trillions of bytes per second, its cache will
Internet, traffic in this area needs to be migrated to private be quickly depleted. On the contrary, honeypots only capture
dedicated channels, otherwise critical communication services and monitor a small portion of network activities, without the
and applications will experience latency issues. problem of resource depletion. By pretending to be normal
Miao Du is with the Key Lab of Broadband Wireless Communication and servers to attract attackers, honeypots can consume attackers’
Sensor Network Technology, Nanjing University of Posts and Telecommunica- resources and time. They can also influence and interfere with
tions, Nanjing, 210003, China. E-mail: dumiao0118@163.com. the choice of intruders, and further detect the intruders’ attack
Kun Wang is with the Department of Electrical and Computer Engi-
neering, University of California, Los Angeles, 90095, CA, USA. E-mail: intention. However, the traditional single-honeypot strategy is
wangk@ucla.edu. vulnerable to be identified by attackers because of low decoy
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
Then, it identifies the type of honeypots, and further finds out the
optimal strategy for attacking. To protect the SDN from the anti-
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
TABLE I: List of Symbols in the paper P (0,β) = −Łnκ β − Łnκ (1 − β) = −Łnκ . (5)
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
and Łnµ ≥ 0, respectively. Łnm and Khi represent the payoffs for
the targeted system as a low-interaction or a high-interaction
honeypot, respectively, with Khi ≥ Łnm ≥ 0. Finally, let Vt1 Fig. 3: Optimal attack strategy based on anti-honeypot.
and Vt2 (t = 1,...,6) be the expected payoff of attackers and
defenders, respectively. (2) When 0 ≤ α ≤ 1, targeted system may be a honeypot, then,
The payoff for attackers at system layer and network layer is V 0 = α(Khs − Kτs ) + Łlt − Łlr . (10)
Vs = ξα(Kτs − Łlt ) + (1 − ξ)α(Kτs − Łlt ) + (1 − α)(−Łlt ) (a) If attacker has recognized a target, we have V 0 =αC +
= αKτs − Łlt , Łlt − Łlr where C is a constant. Since α(Khs − Kτs ) > 0,
(7) V 0 increases when the cost for recognition decreases. In
this case, the optimal strategy is to attack the recognized
and
target preferentially at a lower recognition cost.
Vn = ξα(Khs − Łlr ) + (1 − ξ)α(Khs − Łlr ) + (1 − α)(−Łlr ) (b) If attacker has not recognized a target, the optimal
= αKhs − Łlr . strategy is the same as (1)(b).
(8) (3) When α = 0, targeted system is not a honeypot. Thus,
Then the difference between these two payoffs can determine V 0 = Łlt − Łlr = −(Łlr − Łlt ). (11)
the optimal strategy as follows:
At this time, no matter whether attacker has recognized a
0
V = Vn − Vs = (αKhs − Łlr ) − (αKτs − Łlt ) target, the optimal strategy is to carry on an attack.
(9)
= α(Khs − Kτs ) + Łlt − Łlr . In order to protect the system from AHA, we present a
solution in the next section.
According to (9), it is obvious that the optimal strategy is
relevant to α. We need further discussion on the layout of the III. P ROTECTION BASED ON P SEUDO -H ONEYPOT G AME
honeypots in the SDN server based on the different range of α,
aiming at finding the best strategy to attack. In this section, we present a solution based on the pseudo
honeypot strategy from the defender’s perspective.
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
present a multi-stage game in this model. We first reveal a two- Similarly, we can obtain the average payoff SU3 (Ω1 ) and
step anti-honeypot based attack in SDN, and then we propose a SU3 (Ω2 ) by pseudo-honeypot services’ strategies Ω1 and Ω2 ,
pseudo-honeypot game strategy to protect the SDN from anti- respectively, as follows:
honeypot based attacks.
SU3 (Ω1 ) = P (K1 | Λ1 ) ∗ (−µκ) + P (K2 | Λ1 ) ∗ (κ)
The payoffs are discussed for three different cases as follows.
• CASE 1. Real soft-defined network communication is = (1 − τ )µκ + τ κ (14)
provided by the SP. = (µ + τ − τ µ)κ,
If legitimate users receive normal service, the payoff is
and
κ (κ > 0) for both sides; otherwise it is −κ. If providing
services to attackers, which will deteriorate service quality, SU3 (Ω2 ) = P (K1 | Λ1 ) ∗ 0 + P (K2 | Λ1 ) ∗ (−κ)
(15)
the service provider’s payoff is −µκ and attackers’ payoff = −τ κ.
is µκ (µ ≥ 1). Otherwise, both services’ payoff and
attackers’ payoff are 0. We first assume that SU1 (Ω1 ) = SU1 (Ω2 ), and SU3 (Ω1 ) =
• CASE 2. Honeypot service is provided by the SP. SU3 (Ω2 ). Then, we have
For legitimate users, no matter whether the service-side µ
τ= . (16)
provides honeypot service, they are unable to obtain normal 2+µ
service, and consequently the payoff is −κ. If the ser-
According to (16), the optimal strategy for both the real
vices provide effective honeypot service to decoy attackers
communications and the pseudo-honeypots is Ω1 when τ <
successfully, the service-side’s payoff is δ1 ς (ς > 0 and
µ/(2 + µ). Otherwise the optimal strategy is Ω2 . Therefore, we
δ1 ≥ 1), and the attackers’ payoff is −δ1 ς.
conclude that the dominant strategy for the visitors’ strategy
• CASE 3. Pseudo-honeypot service is provided by SP.
(Λ1 ,Λ1 ) is (Ω1 ,Ω1 ,Ω1 ) when τ < µ/(2 + µ), and (Ω2 ,Ω1 ,Ω2 )
For legitimate users, pseudo-honeypot service is similar
otherwise.
to normal service, so that they are able to obtain normal
Thus, for pseudo-honeypot services, strategy Ω1 is the strictly
service, and consequently the payoff is κ. If providing
dominant strategy. Consequently, the pseudo-honeypot services
service for attackers, the service performance will dete-
invariably select strategy Ω1 for any visitor. However, for real
riorate, and the payoffs of service-side and attackers are
communications, they can make a choice between strategy Ω1
−δκ and µκ − δ2 ς, respectively, in which δ2 represents
and Ω2 . The payoff obtained with strategy Λ1 of legitimate users
pseudo-honeypot decoy factor and δ2 ≥ 1. If the services
is given by
provide effective pseudo-honeypot service to decoy attack-
ers successfully, the service-side’s payoff is δ2 ς. SK1 (Λ1 ) =P (U1 | Ω1 ) ∗ (−κ) + P (U2 | Ω2 ) ∗ κ+
In our model, the SP does not know the type of the visitors in P (U3 | Ω2 ) ∗ κ
advance, but it has a priori information about certain statistical (17)
= − (1 − α − σ)κ + ακ + σκ
metrics regarding the visitors, for instance, the distribution of
the type of visitors. We assume {P (K1 ) = 1 − τ,P (K2 ) = τ }. =[2(α + σ) − 1]κ.
Similarly, we consider that the visitors also know the probability The payoff obtained with legitimate users’ strategy Λ2 can
distributions of the type of services provided, {P (U1 ) = 1 − be computed as SK1 (Λ2 ) = P (U1 | Ω1 ) ∗ 0 + P (U2 |
α − σ,P (U2 ) = α,P (U3 ) = σ}. Since the players are conscious Ω1 ) ∗ 0 + P (U3 | Ω1 ) ∗ 0 = 0.
of the strategies of the adversaries, we utilize Bayesian rules to Similarly, we can obtain the average payoff SK2 (Λ1 ) and
obtain the posterior probability of the players in the game and SK2 (Λ2 ) for the attackers as follows:
calculate the expected maximum payoffs for all the players.
Theorem 1. A Bayesian-Nash Equilibrium (BNE) strategy SK2 (Λ1 ) =P (U1 | Ω1 ) ∗ (−δς) + P (U2 | Ω1 ) ∗ µκ
{(Ω1 ,Ω1 ,Ω1 ),(Λ1 ,Λ1 )} exists in the pseudo-honeypot game P (U3 | Ω2 ) ∗ µκ
provided (18)
=(1 − α − σ)(−δς) + αµκ + σµκ
µ 1 δς =(α + σ)(µκ + δς) − δς,
τ< , α+σ < , α+σ < .
2+µ 2 µκ + δς
and similarly the payoff of attackers with strategy (Λ2 )
Proof : The payoff of the real services for the strategy Ω1 is can be computed as SK2 (Λ2 ) = P (U1 | Ω1 ) ∗ 0 + P (U2 |
denoted as SU1 (Ω1 ): Ω1 ) ∗ 0 + P (U3 | Ω1 ) ∗ 0 = 0.
SU1 (Ω1 ) = P (K1 | Λ1 ) ∗ (−µκ) + P (K2 | Λ1 ) ∗ (κ)
By assuming SK1 (Λ1 ) = SK1 (Λ2 ), and SK2 (Λ1 ) =
= −µκτ + (1 − τ )κ (12)
SK2 (Λ2 ), we have
= (1 − τ − τ µ)κ.
1
Since the average payoff SU1 (Ω2 ) is obtained by real services’ α+σ = , (19)
strategy Ω2 , we have 2
and
SU1 (Ω2 ) = P (K1 | Λ1 ) ∗ 0 + P (K2 | Λ1 ) ∗ (−κ) δς
(13) α+σ = . (20)
= −τ κ. µκ + δς
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
According to (19) and (20), if the visitors are legitimate users, Algorithm 1: Optimal strategies for pseudo-honeypot
Λ1 is the dominant strategy for portfolio strategy {(Ω1 ,Ω1 ,Ω1 )} game
under the condition α+σ < 1/2. On the contrary, if the visitors Input: τ , α, σ, κ, χ, µ, δ1 , δ2 and ς
are attackers, Λ1 is the SP’s dominant strategy for portfolio Output: Optimal strategies {(Ωii ,Ωjj ,Ωkk ),(Λii ,Λjj )}
strategy {(Ω1 ,Ω1 ,Ω1 )} under the condition α + σ < δς/(µκ + /* Initialize the strategies, {Ωi ,Ωj ,Ωk } */
δς). Consequently, we have /* Find the stable state */
µ 1 δς if τ < µ/2 + µ then
τ< , α+σ < , α+σ < . (21) if α + σ < δς/(µκ + δς) ∧ α + σ < 1/2 then
2+µ 2 µκ + δς
choose optimal portfolio strategy
Therefore, we can obtain a BNE strategy {(Ω1 ,Ω1 ,Ω1 ),(Λ1 ,Λ1 )}.
{(Ω1 ,Ω1 ,Ω1 ),(Λ1 ,Λ1 ))} in the game when (21) is true. end
else
Analogously, we can obtain other two BNE strategies cannot achieve a BNE.
{(Ω1 ,Ω1 ,Ω1 ),(Λ1 ,Λ2 )} and {(Ω2 ,Ω1 ,Ω2 ),(Λ2 ,Λ2 )} in the game end
under the conditions (22) and (23), respectively, as follows: if δς/(µκ + δς) < α + σ < 1/2 then
choose optimal portfolio strategy
µ δς 1
τ< , <α+σ < , (22) {(Ω1 ,Ω1 ,Ω1 ),(Λ1 ,Λ2 )}.
2 + µ µκ + δς 2 end
and else
µ 1 δς cannot achieve a BNE.
τ< , α+σ > , α+σ > . (23)
2+µ 2 µκ + δς end
if α + σ > δς/(µκ + δς) ∧ α + σ > 1/2 then
choose optimal portfolio strategy
{(Ω2 ,Ω1 ,Ω2 ),(Λ2 ,Λ2 )}.
end
else
cannot achieve a BNE.
end
end
*% *% *%
else
*%
&' &' &' &' cannot achieve a BNE.
) ( )( ) ( ) )(
( )( ) ( )(
&' #$%
" &' #$%
" &' #$%
" &' #$%
" end
#$%
#$%
#$%
#$%
!!
!!
the pseudo-honeypot when they launch the attack, which makes
attackers cautious. The figures clearly indicate that the PHG
Fig. 4: The game tree from legitimate user’ perspective. strategy is the most favorable for defenders. The PHG strategy
In this section, Nash Equilibriums (NEs) will be analyzed in provides a variety of strategies so that the defenders can adjust
the HHG model. We first analyse the NEs in the PHG and AHA α and σ, or δ1 and δ2 to improve the defense mechanism and
model compared to the traditional game in terms of equilibrium achieve different BNEs according to different portfolios.
strategies. Then, we analyse the payoffs of legitimate users and
attackers via game trees. Importantly, we further discuss the τ in
the AHA model to find out the optimal strategies for attackers.
It is clear that the game equilibrium conditions relate to the
probabilities of the honeypot and the pseudo-honeypot, α and
σ, as well as decoy factors δ1 and δ2 . Therefore, the result of the Fig. 5: The game tree from attackers’ perspective.
game is completely controlled by the services. Furthermore, the We conclude that the AHA can effectively improve the attack
pseudo-honeypot is more deceptive compared to the honeypot, performance compared with single honeypot game (SHG) model
because the attackers cannot be certain about the existence of [8], and the PHG strategy can effectively solve the attacks based
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
!
service flow shows a downward trend. Specifically, for example, A. DDoS Detection in SDN
when µ=4 and the attack probability is 0.2, the number of attack The detection of DDoS attacks has been extensively studied.
flows rises to over 40,000, and the service flow drops sharply to Nevertheless, little research is about the security issues with
only about 50,000. In contrast, the proposed model for rational respect to SDN environments. We describe several intrusion
deployment of honeypots (S=12, H=2, P=6) has an attack flow detection techniques related to the SDN environments. Sun et al.
of about 30,000, and the number of service flows exceeds 70,000 [9] utilized OpenFlow and sFlow to deal with anomaly detection
under the same conditions. Consequently, we can conclude problems on SDN. The performance of traffic collection of
that reasonable deploying of honeypots and pseudo-honeypots this method was compared with sFlow. Sinclair et al. [10]
(α + σ < 1/2) is of paramount importance. Therefore, the PHG presented a novel method to address the DDoS detection by
model can be an effective defense mechanism against DDoS Self-Organizing Maps (SOM) machine learning technique. Lara
attacks. et al. [11] discussed the alarm flow specification language,
aiming at controlling a large amount of traffic sent to the
controller. Wang et al. [12] investigated a survey on the solutions
V. R ELATED W ORK for DDoS attacks in SDNs, and further analyzed the advantages
and disadvantages of several mechanisms in defending against
In this section, we present the existing literatures on DDoS DDOS attacks. Zhu et al. [13] proposed Predis to address SDN
detection in SDN, honeypot for DDoS, and game theory in privacy protection and cross-domain attacks. In addition, the
DDoS. authors utilized the kNN algorithm to detect attacks efficiently
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
and accurately. game approach to analyze and prove the effectiveness of honey-
pots, which can help us deploy the honeypots more effectively
B. Honeypot for DDoS in the real SDN scenario. Moreover, we employ a two-step
Zhan et al. [14] proposed an IHoneycol approach to address anti-honeypot attack to analyze defense systems deployed with
the DDoS problem efficiently. Jiang et al. [15] presented an honeypots from the perspective of attackers. Therefore, we can
architecture using virtual machine to capture attacks called comprehensively resist against DDoS attacks in SDN.
Collapsar, which played a significant role in supervising high-
interaction virtual honeypots in the heart of a black hole. Walfish VI. CONCLUSION
et al. [16] presented an effective hop tracking mechanism called In this paper, we have introduced the honeypot strategies
honeypot back-propagation, which is a new roaming honeypot into SDN to solve DDoS attacks in IIoT environment. In our
scheme leverages to achieve accurate attack signatures. honeypot strategies, they can provide dynamic protection for
Wang et al. [17] proposed a honeypot detection to address SDN. In addition, the honeypot strategies can offer optimal
Botnet attacks. The attacker can be detected in their honeypot defensive strategies when facing DDoS attacks. Specifically, we
botnet. Hayatle et al. [18] presented how a technique can have presented an anti-honeypot based attack to help attackers
allow botmasters to determine the performance of compromised find out their optimal strategies. Moreover, we have proposed a
machines with a relatively high certainty. pseudo-honeypot game strategy to analyze the strategic interac-
tion between attackers and defenders. The experiment results
C. Game Theory in DDoS have showed that the energy consumption and the defense
B. Rashidi et al. [19] proposed a DDoS defense mecha- efficiency can be improved with the proposed strategies. Fur-
nism called CoFence that promotes a ”domain-help-domain” thermore, the anti-honeypot based attack strategy can effectively
collaborative network between NFV-based domain networks. In help the attackers identify the honeypot traps in the target SDN
addition, the authors designed a dynamic resource allocation servers, and the pseudo-honeypot game strategy can be a good
mechanism for the domain and establishes a game model solution to this attack strategy, thereby further protecting the
to find an effective, incentive-compatible, fair and reciprocal security of the IIoT devices.
resource allocation method by analyzing Nash equilibrium. Luo
et al. [20] presented a taxonomy of DDoS attack and defense R EFERENCES
system, and Wang et al. [21] considered the confrontation [1] C. Tian, A. Munir, A. X. Liu, J. Yang, and Y. Zhao, “OpenFunction:
between defenders and attackers and developed a game theory An Extensible Data Plane Abstraction Protocol for Platform-Independent
analysis framework for collaborative security detection. Anwar Software-Defined Middleboxes,” IEEE/ACM Transactions on Networking,
vol. 26, no. 3, pp. 1488-1501, 2018.
and Malik [22] proposed a simulation to study the feasibility of [2] M. Du, K. Wang, Y. Chen, X. Wang, and Y. Sun, “Big data privacy
DDoS attack, the experience of such a security event in a real preserving in multiaccess edge computing for heterogeneous internet of
SDN server. things,” IEEE Communications Magazine, vol. 56, no. 8, pp. 62-67, 2018.
[3] Q. D. La, T. Q. S. Quek, J. Lee, S. Jin, and H. Zhu, “Deceptive Attack and
Yan and Yu [23] discussed the new trends and characteristics Defense Game in Honeypot-Enabled Networks for the Internet of Things,”
of DDoS attacks in cloud computing, and conducted a compre- IEEE Internet of Things Journal, vol. 3, no. 6, pp. 1025-1035, 2016.
hensive investigation of the DDoS attack defense mechanism [4] J. Zheng, Q. Li, G. Gu, J. Cao, D. K. Y. Yau, and J. Wu, “Realtime DDoS
using SDN. By reviewing existing researches on launching Defense Using COTS SDN Switches via Adaptive Correlation Analysis,”
IEEE Transactions on Information Forensics and Security, vol. 13, no. 7,
DDoS attacks on SDN, and methods for DDoS attacks in SDN. pp. 1838-1853, 2018.
The authors found that the contradictory relationship between [5] F. Hu, Q. Hao, and K. Bao, “A survey on software-defined network (SDN)
SDN and DDoS attacks had not been well resolved in previous and openflow: From concept to implementation,” IEEE Communications
Surveys & Tutorials, vol. 16, no. 4, pp. 2181-2206, 2014.
work. This work helped to understand how to take advantage [6] K. Wang, M. Du, Y. Sun, A. Vinel, and Y. Zhang, “Attack detection and
of SDN to protect against DDoS attacks in cloud computing distributed forensics in machine-to-machine networks,” IEEE Network, vol.
environments.Yan et al. [24] further investigated DDoS attacks 30, no. 6, pp. 49-55, 2016.
[7] M. F. Thompson, “Effects of a Honeypot on the Cyber Grand Challenge
in SDN-based cloud computing environments. SDN was easy Final Event,” IEEE Security & Privacy, vol. 16, no. 2, pp. 37-41, 2018.
to detect and respond to DDoS attacks due to its software- [8] K. Wang, M. Du, S. Maharjan and Y. Sun, “Strategic Honeypot Game
based traffic analysis, centralized control, and dynamic update of Model for Distributed Denial of Service Attacks in the Smart Grid,” IEEE
Transactions on Smart Grid, vol. 8, no. 5, pp. 2474-2482, 2017.
forwarding rules. In detail, The author analyzed and explored the [9] X. S. Sun, A. Agarwal, and T. S. Eugene, “Controlling Race Conditions in
following issues: how to use SDN to defend against application- OpenFlow to Accelerate Application Verification and Packet Forwarding,”
level DDoS attacks, how to use SDN to defend against mobile IEEE Transactions on Network Service Managazine, vol. 12, no. 2, pp.
263-277, 2015.
DDoS attacks, how to achieve multiple location defenses, how to [10] N. Sinclair, D. Harle, I. A. Glover, J. Irvine, C. Robert, and Atkinson, “An
use cross-layer traffic analysis, and how to collaborate between Advanced SOM Algorithm Applied to Handover Management within LTE,”
key defensive points, and how to conduct a DDoS attack tolerant IEEE Transactions on Vehicle Technology, vol. 62, no. 5, pp. 1883-1894,
2013.
system using SDN. [11] A. Lara, A. Kolasani, and B. Ramamurthy, “Network Innovation Using
Nevertheless, none of these state-of-the-art researches intro- OpenFlow: A Survey,” IEEE Communications Surveys & Tutorials, vol.
duces the twofold honeypot strategy into SDN for resisting 16, no. 1, pp. 493-512, 2014.
[12] K. Wang, Y. Wang, D. Zeng, and S. Guo, “An SDN-based architecture
DDoS attacks. Our proposal can prevent the DDoS attacks by for next-generation wireless networks,” IEEE Wireless Communications,
the decoy performance of the pseudo-honeypots, and utilize a vol. 24, no. 1, pp. 25-31, 2017.
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TII.2019.2917912, IEEE
Transactions on Industrial Informatics
10
1551-3203 (c) 2019 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.