Applying NFV/SDN in mitigating DDoS attacks

Abstract

Distributed Denial of Service (DDoS) is a widely employed attacking scheme over network that interrupts services by creating network congestion, draining server resources, or disabling normal functions of network components. An attacker launches the DDoS attack from a large number of compromised while geographically distributed devices by sending low rate seemly legitimate traffic that disturbs server's service, or high rate large volume traffic that overwhelms victim's processing capacity. DDoS attack mitigating approaches that apply pre-established defending strategy, functionality or capacity, and guard at fixed locations are costly and not effective either. Network Function Virtualization (NFV) supports the flexibility in on-demand function instantiation and allocation, and recently finds its applications in handling DDoS attacks. This paper proposes a NFV and Software-Defined Networking (SDN) enabled DDoS mitigation framework. In the framework, network traffic is monitored and analyzed utilizing the SDN features of central control and global network view, and the detection of anomaly traffic will trigger the actions of corresponding countermeasure computation, defending resources virtualization, instantiation, deployment and interconnection. The paper presents an application example of the proposed framework in protecting an industrial control system, and shows its effectiveness in mitigating DDoS attacks in the control system.