Analysis and Mitigation of DDoS Flooding Attacks in Software Defined Networks

Abstract

To analyze and evaluate the security of the latest network architectures like Software Defined Network (SDN) architectures is a significant step in protecting these against various security threats. The security of SDN assumes greater significance as this dynamic network paradigm, in addition to its great future potential, experiences various design complexities and common Open-flow shortcomings, such as the issues related to a centralized controller. There is no doubt that SDN has been perceived as a standout among the most common ideal models for the networks because of its property of isolation of control and information planes. However, various malicious activities have managed to affect the network performance. Distributed Denial of Service (DDoS) attack has been one of the most crucial issues as far as the dependability on the Internet is concerned. This attack makes the service of any host or hub connected to the network difficult due to a wide variety of its approaches by hampering the normal functioning of the network. The inherent simplicity of SDN makes it easily vulnerable to DDoS attacks. This paper presents the techniques to detect the presence of flooding DDoS attacks in SDN. Three types of techniques have been shown to be implemented for mitigation of these attacks in SDN. Besides, a comparison of the performance of traditional networks and SDN under this type of DDoS attack has been illustrated in terms of throughput and Round-Trip-Time. It has been shown through experimentation that performance of SDN’s degrades drastically as compared to that of traditional networks under DDoS attacks.