Evaluation of insider denial-of-service attacks in software-defined networks
DOI:
https://doi.org/10.55204/trc.v5i1.e486Keywords:
Software Defined Networks, Openflow, Opendaylight, DDoS attacks, Insider attacks, Vulnerability analysisAbstract
Technology has moved towards virtualization and SDN networks are widely recognized for the management advantages they offer over traditional legacy networks. When analyzing a DoS attack vulnerability in a SDN network, a simulated network was implemented in the GNS3 using several devices: Opendaylight controller, open vswitch, DHCP client and server, DNS, HTTP, VoIP and FTP. For the vulnerability analysis, it was decided to use the OCTAVE method, identification of the organization's assets and threats, vulnerability scanning. The second phase of development used the Openvas tool, which helps detect network failures, their characteristics and affected devices, and then categorize them to identify devices that affect availability, such as server versions and types. Once this step is completed, denial of service attacks: HTTP, DHCP and DNS are performed to exhaust the resources used by the system and demonstrate the behavior of the network in terms of metrics such as bandwidth and latency. The conclusion is that, in the case of bandwidth, the efficiency of the pre-attack effect did not exceed 34%, but later showed values as high as 71% and 84%, while the pre-attack delay was lower at 15 ms. and then increased to 4779 ms.
Downloads
References
Aguilar, D. P. E. (s. f.). Estudio para el desarrollo de un modelo de gestión de riesgos y seguridad de la información para instituciones militares.
Amarilla Cardoso, L. (2016). Despliegue de un testbed de redes definidas por software para la gestión de recursos de red en un CPD [masterThesis]. https://dehesa.unex.es:8443/handle/10662/4417
Benefits and the Security Risk of Software-defined Networking. (s. f.). ISACA. Recuperado 11 de agosto de 2024, de https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/benefits-and-the-security-risk-of-software-defined-networking
Braun, W., & Menth, M. (2014). Software-Defined Networking Using OpenFlow: Protocols, Applications and Architectural Design Choices. Future Internet, 6(2), Article 2. https://doi.org/10.3390/fi6020302
Coker, O., & Azodolmolky, S. (2017). Software-Defined Networking with OpenFlow: Deliver innovative business solutions. Packt Publishing Ltd.
DDoS Attack Types & Mitigation Methods | Imperva. (s. f.). Learning Center. Recuperado 10 de agosto de 2024, de https://www.imperva.com/learn/ddos/ddos-attacks/
Espinoza, E. G. P., & Quito, D. T. (s. f.). Tesis de grado previa obtención del título de ingeniero en sistemas informáticos.
EstiNet 11. (s. f.). AIGOAL. Recuperado 10 de agosto de 2024, de http://www.gordonsmart.com/ns/?page_id=21140
Fernádez, P. Y., & Sanahuja, J. M. M. (s. f.). Programación de redes SDN mediante el controlador POX.
Garcia, B. R. (s. f.). OpenDaylight SDN controller platform.
Getting Started with GNS3 | GNS3 Documentation. (s. f.). Recuperado 10 de agosto de 2024, de https://mother.github.io/docs/
Introducción al conjunto de protocolos TCP/IP - Guía de administración del sistema: Servicios IP. (s. f.). Recuperado 11 de agosto de 2024, de https://docs.oracle.com/cd/E24842_01/html/820-2981/ipov-6.html
Introduction To Software Defined Networking | PDF | Citrix Systems | Virtualization. (s. f.). Scribd. Recuperado 10 de agosto de 2024, de https://www.scribd.com/doc/257324121/Sdn-101-an-Introduction-to-Software-Defined-Networking
Jardón, G. A. S. (2017). Estudio de Redes Definidas por Software e Implementación de escenarios virtuales de prueba. 2017.
Kottler, S. (2018, marzo 1). February 28th DDoS Incident Report. The GitHub Blog. https://github.blog/news-insights/company-news/ddos-incident-report/
Legeren-Alvarez, E. (2012). Diseño de un sistema de información mediante una intranet corporativa: Propuesta de implementación en una empresa constructora de la provincia de Granada (p. 120). GRIN Verlag. http://books.google.es/books?id=2HlUbcwAkLoC
Martinez, G. R. S., Ocampo, C. A., & Bermúdez, Y. V. C. (2017). Sistema de detección de intrusos en redes corporativas. Scientia et Technica, 22(1), Article 1. https://doi.org/10.22517/23447214.9105
Moscoso Clerque, E. M. (2016). Desarrollo de una aplicación para la implementación de calidad de servicio por priorización de tráfico sobre una Red Definida por Software (SDN) [bachelorThesis, Quito, 2016.]. http://bibdigital.epn.edu.ec/handle/15000/15202
Oladunjoye, O. (s. f.). Software Defined Networking.
Open Networking Foundation. (s. f.). Open Networking Foundation. Recuperado 11 de agosto de 2024, de https://opennetworking.org/
OpenDaylight. (s. f.). Recuperado 11 de agosto de 2024, de https://www.opendaylight.org/technical-community/getting-started-fordevelopers/roadmap
OpenVAS - Open Vulnerability Assessment Scanner. (s. f.). Recuperado 11 de agosto de 2024, de https://www.openvas.org/index-de.html
Paracuellos Cortés, J., & Rodríguez Fernández, R. J. (with Universidad de Zaragoza). (2016). Defensa proactiva y reactiva ante ataques DDoS en un entorno simulado de redes definidas por software. Universidad de Zaragoza.
Pardo, C. A. C. (2014). Implementación de un Openflow Controller para el manejo de Openflow Switches.
Pinilla, R. Á. (2015a). Trabajo fin de Máster.
Pinilla, R. Á. (2015b). Trabajo fin de Máster.
Redondo, M., Bravo, C., Bravo, J., & Ortega, M. (s. f.). Intranet: Soporte para entorno de aprendizaje. http://www.redined.mec.es/oai/indexg.php?registro=012200230406.
Reference Designs. (s. f.). Open Networking Foundation. Recuperado 11 de agosto de 2024, de https://opennetworking.org/reference-designs/
Rodrigues, C. P., Costa, L. C., Vieira, M. A. M., Vieira, L. F. M., Macedo, D. F., & Vieira, A. B. (s. f.). Avaliação de Balanceamento de Carga Web em Redes Definidas por Software.
Rodríguez, D. R. R. (s. f.). Y aprobada por el siguiente Comité.
Sandoval Chicaiza, C. E. (2018). Implementación de un clúster-controlador de SDN basado en un framework de software libre para la infraestructura Cloud de la facultad de ingeniería en Ciencias Aplicadas [bachelorThesis]. https://repositorio.utn.edu.ec/handle/123456789/7986
Sdnhub.org. (s. f.). Recuperado 11 de agosto de 2024, de http://ww7.sdnhub.org/tutorials/openflow-1-3/?usid=26&utid=7573656510
Seis, G., & Alexander, J. (s. f.). Diseño de un sistema de gestión de seguridad de la información para instituciones militares.
Software Defined Networks. (2016). https://shop.elsevier.com/books/software-defined-networks/goransson/978-0-12-804555-8
T, C. H. T. (1969). Amenazas informáticas y seguridad de la información. Derecho Penal y Criminología, 28(84), Article 84.
Tarqui Tipo, S. R., & Cuadros Morales, C. A. I. (2017). Implementación de una extranet para la gestión académica en el Instituto de Emprendedores de la Universidad San Ignacio de Loyola. Universidad de San Martín de Porres - USMP. https://repositorio.usmp.edu.pe/handle/20.500.12727/3980
Tutoriales WireShark | PDF. (s. f.). Scribd. Recuperado 10 de agosto de 2024, de https://es.scribd.com/doc/128906887/Tutorial-Wire-Shark
Vargas, W. V. (s. f.). Emulación de una red definida por software utilizando MiniNet. Recuperado 11 de agosto de 2024, de https://www.academia.edu/5730624/Emulaci%C3%B3n_de_una_red_definida_por_software_utilizando_MiniNet
What is a DDoS botnet? (s. f.). Recuperado 10 de agosto de 2024, de https://www.cloudflare.com/learning/ddos/what-is-a-ddos-botnet/
Yandun, M. E. O. (s. f.). Diseño e Implementación de una Aplicación para balanceo de carga para una Red Definida por Software (SDN).
Downloads
Published
Issue
Section
License
Copyright (c) 2025 Marco Vinicio Ramos Valencia, María Belén Paredes Regalado, Natalia Patricia Layedra Larrea, Steven Alejandro Salazar Cazco

This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors retain the moral and patrimonial rights of their works. They only give to the magazine Tesla Revista Científica the right to the first publication of this. Since Tesla Revista Científica is an open access publication, readers can fully or partially reproduce its content as long as they properly credit the corresponding authors and the journal itself. Tesla Revista Científica undertakes not to make commercial use of the texts it receives and/or publishes.
Our journal is governed by the international policies SHERPA/RoMEO: Green journal: They allow the self-archiving of both the pre-print (draft of a paper) and the post-print (the version corrected and reviewed by peers) and even the final version ( layout as it will be published in the journal).
See also "Copyright and licences".











