Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions

Abstract

Many security solutions have been proposed in the past to protect Internet architecture from a diversity of malware. However, the security of the Internet and its applications is still an open research challenge. Researchers continuously working on novel network architectures such as HTTP as the narrow waist, Named Data Networking (NDN), programmable networks and Software-Defined Networking (SDN) for designing a more reliable network. Among these, SDN has emerged as a more robust and secure solution to combat against such malicious activities. In SDN, bifurcation of control plane and data plane provides more manageability, control, dynamic updating of rules, analysis, and global view of the network using a centralized controller. Though SDN seems a secured network architecture as compared to the conventional IP-based networks, still, SDN itself is vulnerable to many types of network intrusions and facing severe deployment challenges. This paper systematically reviews around 70 prominent DDoS detection and mitigation mechanisms in SDN networks. These mechanisms are characterized into four categories, viz: Information theory-based methods, Machine learning-based methods, Artificial Neural Networks (ANN) based methods and other miscellaneous methods. The paper also dowries and deliberates on various open research issues, gaps and challenges in the deployment of a secure SDN-based DDoS defence solution. Such an exhaustive review will surely help the researcher community to provide more robust and reliable DDoS solutions in SDN networks.