Detection and Mitigation of Stealth DHCP Attack in SDN network

Document Type : Original Article

Authors

Electrical Engineering Dep., Faculty of Engineering, Minia University, Minia, Egypt

Abstract

Software-defined networking (SDN) significantly enhances network management through its centralized controller, which operates independently of forwarding devices. However, SDN security remains a major challenge. It inherits vulnerabilities from traditional networks due to shared protocols and introduces new risks from its reliance on software-based systems. Dynamic Host Configuration Protocol (DHCP), a critical protocol in SDNs, also presents security threats.
This study analyzes the impact of the stealth DHCP starvation attack in an SDN environment where the Open Network Operating System (ONOS) controller acts as a DHCP relay agent. The analysis reveals that this configuration is susceptible to stealth DHCP starvation attacks, which can disrupt network functionality. A Python script is developed and deployed on the DHCP server Virtual Machine (VM) to address this vulnerability. The script effectively prevents harmful DHCP messages, restores the IP address pool, and mitigates DHCP-related attacks without imposing significant system overhead.
Results demonstrate that the proposed solution not only enhances network resilience against attacks, but also improves overall performance. Specifically, it increases the throughput from 66.0 Mbits/sec to 101.5 Mbits/sec, while the average Round Trip Time (RTT) is reduced from 455.0 ms to 0.45 ms. Additionally, the transmission rate improves from 46,800 Packet Per Second (pps) to 72,000 pps, ensuring better resource utilization. The proposed approach provides a practical and efficient method for safeguarding SDN environments against advanced DHCP-related threats, contributing to the secure and efficient operation of modern networks.

Keywords

Main Subjects

Files

Share

How to cite

Statistics