DoS attack mitigation using rule based and anomaly based techniques in software defined networking

Abstract

Software Defined Networking (SDN) is new technology over the traditional networks. With the new framework design of SDN, security is a big challenge. Number of attacks can be possible in data plane and control plane in SDN. One of the preliminary attacks in SDN is Denial-of-Service (DoS) attack. Providing security to control plane using traditional intrusion detection system (IDS) to mitigate DoS attack is a challenge. DoS attack in SDN affects performance and behavior of network. Legitimate hosts are not able to communicate with server after creation of DoS attack. This paper aims to detect and mitigates DoS attack in SDN. For detection and mitigation of DoS attack we used two techniques-1) Rule based approach using Snort tool 2) Anomaly based approach using BRO tool. For DoS attack creation we employ Hping3 and Low Orbit Ion Cannon (LOIC) tools. We evaluate the performance of technique using parameters like packet loss, average time and round-trip time. Further work can be extended by reducing false positives and false negatives in IDS. False positives are false alarms generated on normal traffic. Which may help to improve the performance IDS.