Skip to main content
SpringerLink
Log in

Detecting and mitigating DHCP attacks in OpenFlow-based SDN networks: a comprehensive approach

  • Original Paper
  • Published:
Journal of Computer Virology and Hacking Techniques Aims and scope Submit manuscript

Abstract

Software Defined Networking (SDN) is an approach that provides centralized control and management of networks. This centralized view of the network traffic flow can be exploited to enhance the network's overall security. This paper focuses on protecting SDN networks from DHCP attacks, which not only impact the DHCP service but also extend to the SDN controller and the overall network. This paper proposes a real-time and comprehensive approach—DHCPWatcher—to detect and mitigate DHCP attacks in SDN networks. The DHCPWatcher is a multi-stage detection mechanism for detecting DHCP attacks using anomaly, heuristic, and/or behavior analysis. When an attack is detected, a DROP action for malicious DHCP traffic is injected into the forwarding device using the OpenFlow protocol. Then, a multi-step mechanism is activated to heal and restore the affected controller and the DHCP service that includes removing spoofed hosts from the controller, releasing IP addresses that may have been maliciously leased by the attack, and reassigning those IP addresses to their original clients. Mininet emulator is utilized to evaluate DHCPWatcher against well-known DHCP attacks for three different DHCP services. The results show that DHCPWatcher effectively detects attacks from the first attack packet. It also can neutralize the impacts of most malicious attacks—Yersinia—within the first 30 s and takes much less time for the other attacks, such as Hyena and DHCPwn. This fast neutralization of attacks positively reflects on the controller resources, such as CPU utilization, and network performance in terms of latency and packet loss.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

Data availability

Data sharing is not applicable to this article as no new data were created or analyzed in this study.

References

  1. Correa Chica, J.C., et al.: Security in SDN: a comprehensive survey. J. Netw. Comput. Appl. 159, 102595 (2020). https://doi.org/10.1016/j.jnca.2020.102595

    Article  Google Scholar 

  2. Goransson, P., et al.: Software Defined Networks: A Comprehensive Approach, vol. 1, 2nd edn. Elsevier, Amsterdam (2017)

    Google Scholar 

  3. Jarraya, Y., et al.: A survey and a layered taxonomy of software-defined networking. IEEE Commun. Surv. Tutor. 16(4), 1955–1980 (2014). https://doi.org/10.1109/comst.2014.2320094

    Article  Google Scholar 

  4. Azodolmolky, S., Software Defined Networking with OpenFlow. 2013: Packt Publishing Ltd.

  5. Kreutz, D., et al.: Software-Defined Networking: A Comprehensive Survey. Proc. IEEE 103(1), 14–76 (2015). https://doi.org/10.1109/JPROC.2014.2371999

    Article  Google Scholar 

  6. ONF: OpenFlow Switch Specification, O.S. Specification, Editor. Open Networking Foundation (2015)

  7. Vyncke, E., Paggen, C.: LAN switch security: what hackers know about your switches (2007)

  8. Abri, D.A.: Detection of MITM attack in LAN environment using payload matching. In: 2015 IEEE International Conference on Industrial Technology (ICIT) (2015). https://doi.org/10.1109/ICIT.2015.7125367

  9. Cox, J.H., et al.: Leveraging SDN to Improve the Security of DHCP. In: Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. ACM, New Orleans, Louisiana, USA (2016). https://doi.org/10.1145/2876019.2876028

  10. Wang, J., Chen, Y.: An SDN-based defensive solution against DHCP attacks in the virtualization environment. In: 2017 IEEE Conference on Dependable and Secure Computing (2017). https://doi.org/10.1109/DESEC.2017.8073876

  11. Toprak, C., et al.: Detection of DHCP starvation attacks in software defined networks: a case study. In: 2018 3rd international conference on computer science and engineering (UBMK) (2018). https://doi.org/10.1109/UBMK.2018.8566268

  12. Cabaj, K., et al.: Network threats mitigation using software-defined networking for the 5G internet of radio light system. Secur. Commun. Netw. 2019, 4930908 (2019). https://doi.org/10.1155/2019/4930908

    Article  Google Scholar 

  13. Tok, M.S., Demirci, M.: Security analysis of SDN controller-based DHCP services and attack mitigation with DHCPguard. Comput. Secur. (2021). https://doi.org/10.1016/j.cose.2021.102394

    Article  Google Scholar 

  14. Aldaoud, M., et al.: DHCP attacking tools: an analysis. J. Comput. Virol. Hacking Tech. (2021). https://doi.org/10.1007/s11416-020-00374-8

    Article  Google Scholar 

  15. ONOS Downloads. accessed 16/Sep/2021; Available from: https://wiki.onosproject.org/display/ONOS/Downloads.

  16. Simonmcnair. isc-dhcp-server. https://help.ubuntu.com/community/isc-dhcp-server. Accessed 16 Sept 2021

  17. Microsoft. Dynamic Host Configuration Protocol (DHCP). https://docs.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-top. Accessed 17 Sept 2021

  18. ONOS Application Tutorial—DHCP Application—Usage Information. http://kspviswa.github.io/Using-DHCP-app-ONOS.html. Accessed 16 Sept 2021

  19. Team, M. Mininet, An Instant Virtual Network on your Laptop (or other PC). http://mininet.org/. Accessed 16 Sept 2021

  20. Team, D.D. DHCPig. https://github.com/kamorin/DHCPig. Accessed 16 Sept 2021

  21. dhcpstarv. http://manpages.ubuntu.com/manpages/cosmic/man1/dhcpstarv.1.html. Accessed 16 Sept 2021

  22. dstar. https://github.com/jacopodl/dstar. Accessed 16 Sept 2021

  23. dhcpwn. https://github.com/mschwager/dhcpwn. Accessed 16 Sept 2021

  24. Yersinia multiattack network tool. https://sourceforge.net/projects/yersinia/.

  25. Hyenae. https://sourceforge.net/projects/hyenae/. Accessed 16 Sept 2021

  26. Ettercap. Ettercap. https://www.ettercap-project.org/. Accessed 20 Sept 2021

  27. ONOS Java API (2.0.0). http://api.onosproject.org/2.0.0/apidocs/. Accessed 16 Sept 2021

Download references

Acknowledgment

We confirm that the research is not funded by any organization.

Author information

Authors and Affiliations

  1. Department of Electrical and Computer Engineering, College of Engineering, Sultan Qaboos University, PO Box 33, 123, Al-Khoudh, Sultanate of Oman

    Manar Aldaoud, Dawood Al-Abri, Ahmed Al Maashri & Firdous Kausar

Authors
  1. Manar Aldaoud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dawood Al-Abri
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ahmed Al Maashri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Firdous Kausar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Manar Aldaoud.

Ethics declarations

Conflict of interest

The authors declare that they have no competing interests.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Aldaoud, M., Al-Abri, D., Al Maashri, A. et al. Detecting and mitigating DHCP attacks in OpenFlow-based SDN networks: a comprehensive approach. J Comput Virol Hack Tech 19, 597–614 (2023). https://doi.org/10.1007/s11416-023-00468-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11416-023-00468-z

Keywords

Search

Navigation