(CANCELED) Cyber Security Webinar by Dr. Chhagan Lal : Detection and Mitigation of TCP SYN Flood attacks on SDN Controllers

Abstract
Software-Defined Network (SDN) segregates the control plane and the data plane to bring about a programmable network. The controller at the control plane runs network modules and sets rules for forwarding the packets in the switches that reside at the data plane. Though advantageous in several ways, SDN can fail when the controller is saturated by a flood of TCP SYN packets. SYN flood can be created using malicious spoofing of IP or MAC addresses or flash crowd. The existing solutions to mitigate SYN flood against the controller do not adequately handle MAC spoofing based SYN flood, and these are unable to distinguish between the flash crowd and malicious traffic.

In this talk, I will present a novel mechanism (named AEGIS)  that detects and mitigates SYN flood attacks against the SDN controllers. AEGIS runs in the controller, and it regularly checks if there is a performance lag in the controller. If performance degradation is detected, then AEGIS takes it as an indication of SYN flood and identifies whether it is due to spoofed addresses or flash crowd. Once the reason is found, the appropriate mitigation procedure is triggered. AEGIS performance is evaluated on testbed and emulator settings.