Abstract
Optical burst switching (OBS) network is a promising switching technology for building the next-generation of Internet backbone infrastructure. It works by assembling UDP packets and sending a burst header packet (BHP) in order to reserve the required network resources along the path before sending the corresponding data burst. If a source node (ingress) gets compromised by an attacker and floods the network with only BHPs to reserve resources without sending actual data, a denial of service attack can occur. In this paper, we propose and develop a new security model that can be embedded into an OBS core switch architecture to prevent BHP flooding attacks. The countermeasure security model allows the OBS core switch to classify the ingress nodes based on their behavior and the amount of reserved resources that are not being utilized. A malicious node that causes BHP flooding attack will be blocked by the developed model until the risk disappears. The security model is implemented, tested and verified using a modified NCTUns network simulator. The analysis conducted reveals that our proposed model is effective in countering BHP flooding attacks as well as in providing the network resources to the legitimate nodes.