Towards Crossfire Distributed Denial of Service Attack Protection Using Intent-Based Moving Target Defense Over Software-Defined Networking

Crossfire is an indirect target area link-flooding Distributed Denial of Service (DDoS) attack determined to affect the neighbors of the real target. Currently, Crossfire DDoS attacks are acquiring impetus because of their indistinguishability and undetectability. SDN (Software Defined Networking) is a progressing technique because of its adaptability and programmability. Moving Target Defense (MTD) is an arising security strategy to counter attacks by progressively changing the attacked plane. IBN (Intent-based Networking) is another promising methodology for providing dynamic network management. IBN-based MTD can provide efficient MTD solutions because of the concentrated control and observing capacities of the intents when translated into rules inside the SDN control plane. In this paper, a framework for the security of Crossfire DDoS attacks is proposed by making use of Intent-based Traffic modifications through the Open Networking Operating System (ONOS) Rest API and Domain Name System (DNS) port redirection. In this paper, we exploited Intent-based MTD to divert traffic from the principal host to virtual shadow hosts to counter this attack. Traffic redirection helps in masquerading the attacker headed for shadow host and consequently getting the erroneous path towards the network and, hence, the Crossfire attack couldn't be executed as expected. The proposed technique is simulated using Mininet and ONOS SDN controllers. The outcomes showed traffic is successfully redirected at a low computational expense. Therefore, Crossfire DDoS is efficiently mitigated as promising results are found.