Abstract
In this paper, we propose a secured OpenFlow-based switch architecture. The architecture is a combination of OpenFlow Processing that routes packets according to the OpenFlow protocol and Security Processing that defends against network attacks. Therefore, the proposed switch can work not only as a OpenFlow-based forwarding device but also as a network protection system. We implement our prototype switch on a Xilinx Virtex 5 xc5vtx240t FPGA device. In this prototype version, we integrate two different DDoS countermeasure techniques, the Hop-Count filtering and Port Ingress/Egress filtering. The experimental results show that the switch achieves packet processing throughput by up to 19.7 Gbps while a 100% DDoS detection rate with up to a 2.9% false positive rate and a 0% false negative rate is obtained. Our prototype system uses up to 36% Look-Up Tables, 38% Registers, and 62% Block RAM of the FPGA device.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
