{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,2]],"date-time":"2026-04-02T15:59:15Z","timestamp":1775145555175,"version":"3.50.1"},"reference-count":45,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,2,23]],"date-time":"2023-02-23T00:00:00Z","timestamp":1677110400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"NSF","award":["CNS-2007153, CNS-2008468"],"award-info":[{"award-number":["CNS-2007153, CNS-2008468"]}]},{"name":"Commonwealth Cyber Initiative"},{"name":"Google Faculty Research Award"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Technol."],"published-print":{"date-parts":[[2023,2,28]]},"abstract":"<jats:p>\n            Distributed denial of service (DDoS) attacks have been prevalent on the Internet for decades. Albeit various defenses, they keep growing in size, frequency, and duration. The new network paradigm, Software-defined networking (SDN), is also vulnerable to DDoS attacks. SDN uses logically centralized control, bringing the advantages in maintaining a global network view and simplifying programmability. When attacks happen, the control path between the switches and their associated controllers may become congested due to their limited capacity. However, the data plane visibility of SDN provides new opportunities to defend against DDoS attacks in the cloud computing environment. To this end, we conduct measurements to evaluate the throughput of the software control agents on some of the hardware switches when they are under attacks. Then, we design a new mechanism, called\n            <jats:italic>Scotch<\/jats:italic>\n            , to enable the network to scale up its capability and handle the DDoS attack traffic. In our design, the congestion works as an indicator to trigger the mitigation mechanism.\n            <jats:italic>Scotch<\/jats:italic>\n            elastically scales up the control plane capacity by using an Open vSwitch-based overlay.\n            <jats:italic>Scotch<\/jats:italic>\n            takes advantage of both the high control plane capacity of a large number of vSwitches and the high data plane capacity of commodity physical switches to increase the SDN network scalability and resiliency under abnormal (e.g., DDoS attacks) traffic surges. We have implemented a prototype and experimentally evaluated\n            <jats:italic>Scotch<\/jats:italic>\n            . Our experiments in the small-scale lab environment and large-scale GENI testbed demonstrate that\n            <jats:italic>Scotch<\/jats:italic>\n            can elastically scale up the control channel bandwidth upon attacks.\n          <\/jats:p>","DOI":"10.1145\/3559759","type":"journal-article","created":{"date-parts":[[2022,9,2]],"date-time":"2022-09-02T11:19:28Z","timestamp":1662117568000},"page":"1-25","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["Elastically Augmenting the Control-path Throughput in SDN to Deal with Internet DDoS Attacks"],"prefix":"10.1145","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9040-9237","authenticated-orcid":false,"given":"Yuanjun","family":"Dai","sequence":"first","affiliation":[{"name":"Case Western Reserve University, Cleveland, OH, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1701-9176","authenticated-orcid":false,"given":"An","family":"Wang","sequence":"additional","affiliation":[{"name":"Case Western Reserve University, Cleveland, OH, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3245-3069","authenticated-orcid":false,"given":"Yang","family":"Guo","sequence":"additional","affiliation":[{"name":"National Institute of Standards and Technology, Gaithersburg, MD, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4650-7125","authenticated-orcid":false,"given":"Songqing","family":"Chen","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,2,23]]},"reference":[{"key":"e_1_3_2_2_2","unstructured":"Kupreev Oleg. 2021. DDoS Attacks in Q1 2020 | Securelist. Retrieved from https:\/\/securelist.com\/ddos-attacks-in-q1-2020\/96837\/."},{"key":"e_1_3_2_3_2","volume-title":"NSDI","author":"Ballani H.","year":"2009","unstructured":"H. Ballani, P. Francis, T. Cao, and J. Wang. 2009. Making routers last longer with ViAggre. In NSDI."},{"key":"e_1_3_2_4_2","volume-title":"IMC","author":"Benson T.","year":"2010","unstructured":"T. Benson, A. Akella, and D. Maltz. 2010. Network traffic characteristics of data centers in the wild. In IMC."},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.bjp.2013.12.037"},{"key":"e_1_3_2_6_2","volume-title":"Technical Report TR11-07","author":"Cai Zheng","year":"2011","unstructured":"Zheng Cai, Alan L. Cox, and T. S. Eugene Ng. 2011. Maestro: Balancing Fairness, Latency and Throughput in the OpenFlow Control Plane. Technical Report TR11-07. Rice University."},{"key":"e_1_3_2_7_2","volume-title":"ACM SIGCOMM","author":"Casado M.","year":"2007","unstructured":"M. Casado, M. J. Freedman, and S. Shenker. 2007. Ethane: Taking control of the enterprise. In ACM SIGCOMM."},{"key":"e_1_3_2_8_2","volume-title":"CHANGE & OFELIA Summer school","author":"Catalli Gaetano","year":"2011","unstructured":"Gaetano Catalli. 2011. Open vSwitch: Performance improvement and porting to FreeBSD. In CHANGE & OFELIA Summer school. https:\/\/tinyurl.com\/mr47dnmw."},{"key":"e_1_3_2_9_2","unstructured":"Ryu. 2020. Ryu: Component-based Software Defined Networking Framework. Retrieved from http:\/\/osrg.github.io\/ryu\/."},{"key":"e_1_3_2_10_2","unstructured":"Proc. of SIGCOMM 2011 DevoFlow: Scaling flow management for high-performance networks"},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","unstructured":"Vitalii Demianiuk Sergey Gorinsky Sergey I. Nikolenko and Kirill Kogan. 2020. Robust distributed monitoring of traffic flows. IEEE\/ACM Transactions on Networking 29 1 (2020) 275\u2013288.","DOI":"10.1109\/TNET.2020.3034890"},{"key":"e_1_3_2_12_2","volume-title":"NDSS","author":"Dhawan Mohan","year":"2015","unstructured":"Mohan Dhawan, Rishabh Poddar, Kshiteej Mahajan, and Vijay Mann. 2015. SPHINX: Detecting security attacks in software-defined networks. In NDSS."},{"key":"e_1_3_2_13_2","volume-title":"HotSDN","author":"Dixit A.","year":"2013","unstructured":"A. Dixit, F. Hao, S. Mukherjee, T. V. Lakshman, and R. Kompella. 2013. Towards an elastic distributed SDN controller. In HotSDN."},{"key":"e_1_3_2_14_2","unstructured":"Intel. 2016. Packet Processing - Intel DPDK vSwitch - OVS. Retrieved from https:\/\/01.org\/packet-processing\/intel-ovdk."},{"key":"e_1_3_2_15_2","volume-title":"HotSDN","author":"Erickson David","year":"2013","unstructured":"David Erickson. 2013. The Beacon OpenFlow controller. In HotSDN. ACM."},{"key":"e_1_3_2_16_2","volume-title":"SIGCOMM","author":"Ferguson Andrew D.","year":"2013","unstructured":"Andrew D. Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi. 2013. Participatory networking: An API for application control of SDNs. In SIGCOMM."},{"key":"e_1_3_2_17_2","unstructured":"Floodlight. 2018. Floodlight. Retrieved from http:\/\/floodlight.openflowhub.org."},{"key":"e_1_3_2_18_2","unstructured":"Open Networking Foundation. 2012. OpenFlow switch specification (version 1.3.0). (June2012). https:\/\/opennetworking.org\/wp-content\/uploads\/2014\/10\/openflow-spec-v1.3.0.pdf."},{"key":"e_1_3_2_19_2","volume-title":"SIGCOMM CCR","author":"Gude N.","year":"2008","unstructured":"N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, and S. Shenker. 2008. NOX: Towards an operating system for networks. In SIGCOMM CCR."},{"key":"e_1_3_2_20_2","volume-title":"NDSS","author":"Hong Sungmin","year":"2015","unstructured":"Sungmin Hong, Lei Xu, Haopei Wang, and Guofei Gu. 2015. Poisoning network visibility in software-defined networks: New attacks and countermeasures. In NDSS."},{"key":"e_1_3_2_21_2","unstructured":"Kali Linux. 2005. hping3. Retrieved from http:\/\/linux.die.net\/man\/8\/hping3."},{"key":"e_1_3_2_22_2","volume-title":"HotSDN","author":"Huang Danny Yuxing","year":"2013","unstructured":"Danny Yuxing Huang, Kenneth Yocum, and Alex C. Snoeren. 2013. High-fidelity switch models for software-defined network emulation. In HotSDN."},{"key":"e_1_3_2_23_2","volume-title":"ACM CoNEXT","author":"Jin Xin","year":"2013","unstructured":"Xin Jin, Li Erran Li, Laurent Vanbever, and Jennifer Rexford. 2013. SoftCell: Scalable and flexible cellular core network architecture. In ACM CoNEXT."},{"key":"e_1_3_2_24_2","volume-title":"SIGCOMM","author":"Kim Changhoon","year":"2008","unstructured":"Changhoon Kim, Matthew Caesar, and Jennifer Rexford. 2008. Floodless in SEATTLE: A scalable Ethernet architecture for large enterprises. In SIGCOMM."},{"key":"e_1_3_2_25_2","volume-title":"OSDI","author":"Koponen T.","year":"2010","unstructured":"T. Koponen et\u00a0al. 2010. Onix: A distributed control platform for large-scale production networks. In OSDI."},{"key":"e_1_3_2_26_2","unstructured":"Krishna Krishna Puttaswamy Naga Fang Hao and T. V. Lakshman. 812383-US-NP. Securing Software Defined Networks VIA Flow Deflection."},{"key":"e_1_3_2_27_2","doi-asserted-by":"crossref","unstructured":"Guanyu Li Menghao Zhang Shicheng Wang Chang Liu Mingwei Xu Ang Chen Hongxin Hu Guofei Gu Qi Li and Jianping Wu. 2021. Enabling performant flexible and cost-efficient DDoS defense with programmable switches. IEEE\/ACM Transactions on Networking 29 4 (2021) 1509\u20131526.","DOI":"10.1109\/TNET.2021.3062621"},{"key":"e_1_3_2_28_2","volume-title":"Proceedings of the 1st ACM Workshop on Research on Enterprise Networking","author":"Nayak Ankur Kumar","year":"2009","unstructured":"Ankur Kumar Nayak, Alex Reimers, Nick Feamster, and Russ Clark. 2009. Resonance: Dynamic access control for enterprise networks. In Proceedings of the 1st ACM Workshop on Research on Enterprise Networking."},{"key":"e_1_3_2_29_2","first-page":"117","volume-title":"NSDI","author":"Pfaff Ben","year":"2015","unstructured":"Ben Pfaff, Justin Pettit, Teemu Koponen, Ethan Jackson, Andy Zhou, Jarno Rajahalme, Jesse Gross, Alex Wang, Joe Stringer, Pravin Shelar, et\u00a0al. 2015. The design and implementation of open vSwitch. In NSDI. 117\u2013130."},{"key":"e_1_3_2_30_2","unstructured":"pica8. [n. d.]. Personal Communication with Pica8. http:\/\/www.pica8.com\/."},{"key":"e_1_3_2_31_2","unstructured":"Pica8: Open Networks for Software-Defined Networking. 2012. Pica8: Open Networks for Software-Defined Networking. Retrieved from http:\/\/www.pica8.com\/."},{"key":"e_1_3_2_32_2","unstructured":"pkttrace. [n. d.]. Packet Trace at a Switch in a Data-center. Retrieved from http:\/\/pages.cs.wisc.edu\/tbenson\/IMC10_Data.html."},{"key":"e_1_3_2_33_2","volume-title":"ICC","author":"Ray Saikat","year":"2007","unstructured":"Saikat Ray, Roch Guerin, and Rute Sofia. 2007. A distributed hash table based address resolution scheme for large-scale Ethernet networks. In ICC."},{"key":"e_1_3_2_34_2","unstructured":"Ori Rottenstreich Ariel Kulik Ananya Joshi Jennifer Rexford G\u00e1bor R\u00e9tv\u00e1ri and Daniel S. Menasch\u00e9. 2021. Data plane cooperative caching with dependencies. IEEE Transactions on Network and Service Management (2021)."},{"key":"e_1_3_2_35_2","volume-title":"IEEE INFOCOM","author":"Shang Gao","year":"2017","unstructured":"Gao Shang, Peng Zhe, Xiao Bin, Hu Aiqun, and Ren Kui. 2017. FloodDefender: Protecting data and control plane resources under SDN-aimed DoS attacks. In IEEE INFOCOM. IEEE."},{"key":"e_1_3_2_36_2","volume-title":"NDSS","author":"Shin Seugwon","year":"2013","unstructured":"Seugwon Shin, Phillip Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. 2013. FRESCO: Modular composable security services for software-defined networks. In NDSS."},{"key":"e_1_3_2_37_2","volume-title":"CCS","author":"Shin Seungwon","year":"2013","unstructured":"Seungwon Shin, Vinod Yegneswaran, Phil Porras, and Guofei Gu. 2013. AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks. In CCS."},{"key":"e_1_3_2_38_2","unstructured":"Tcpreplay. 2022. Tcpreplay. Retrieved from http:\/\/tcpreplay.synfin.net\/."},{"key":"e_1_3_2_39_2","volume-title":"HotICE","author":"Tootoonchian A.","year":"2012","unstructured":"A. Tootoonchian, S. Gorbunov, Y. Ganjali, M. Casado, and R. Sherwood. 2012. On controller performance in software-defined networks. In HotICE. 1\u20131."},{"key":"e_1_3_2_40_2","volume-title":"ACM SIGCOMM","author":"Tu William","year":"2021","unstructured":"William Tu, Yi-Hung Wei, Gianni Antichi, and Ben Pfaff. 2021. revisiting the open vSwitch dataplane ten years later. In ACM SIGCOMM."},{"key":"e_1_3_2_41_2","unstructured":"networkheresy. 2012. The Overhead of Software Tunneling. Retrieved from http:\/\/networkheresy.com\/2012\/06\/08\/the-overhead-of-software-tunneling\/."},{"key":"e_1_3_2_42_2","volume-title":"Hot Topics","author":"Xing Jiarong","year":"2019","unstructured":"Jiarong Xing, Wenqing Wu, and Ang Chen. 2019. Architecting programmable data plane defenses into the network with fastflex. In Hot Topics."},{"key":"e_1_3_2_43_2","volume-title":"IEEE INFOCOM","author":"Xu Yang","year":"2016","unstructured":"Yang Xu and Yong Liu. 2016. DDoS attack detection under SDN context. In IEEE INFOCOM. IEEE."},{"key":"e_1_3_2_44_2","volume-title":"IEEE J. Select. Areas Commun","author":"Chu Yang-hua","year":"2002","unstructured":"Yang-hua Chu, Sanjay Rao, Srinivasan Seshan, and Hui Zhang. 2002. A case for end system multicast. In IEEE J. Select. Areas Commun, Vol. 20, 1456\u20131471."},{"key":"e_1_3_2_45_2","unstructured":"Liangcheng Yu John Sonchack and Vincent Liu. 2020. Mantis: Reactive programmable switches. In SIGCOMM."},{"key":"e_1_3_2_46_2","volume-title":"SIGCOMM","author":"Yu Minlan","year":"2010","unstructured":"Minlan Yu, Jennifer Rexford, Michael J. Freedman, and Jia Wang. 2010. Scalable flow-based networking with DIFANE. In SIGCOMM."}],"container-title":["ACM Transactions on Internet Technology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3559759","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3559759","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:07:57Z","timestamp":1750183677000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3559759"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,2,23]]},"references-count":45,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2,28]]}},"alternative-id":["10.1145\/3559759"],"URL":"https:\/\/doi.org\/10.1145\/3559759","relation":{},"ISSN":["1533-5399","1557-6051"],"issn-type":[{"value":"1533-5399","type":"print"},{"value":"1557-6051","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,2,23]]},"assertion":[{"value":"2021-02-17","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-08-08","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-23","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}