Abstract

Software Defined Networks (SDN) greatly simplify network management by decoupling the control plane from the data plane through the use of controllers. Distributed Denial-of-Service (DDoS) attacks can make SDN controllers unavailable to process legitimate flow requests from switches. The main approaches to protecting controllers against DDoS attacks are essentially based on attack detection, which still yields high rates of false negatives and/or false positives, highlighting the importance of mitigating DDoS attacks. Existing mitigation techniques rely fundamentally on external, additional resources or on network traffic analysis, which increases computational cost or makes them prone to high rates of false negatives and/or false positives. This work presents PATMOS, a novel Protocol for DDoS Attack miTigation in Multi-contrOller SDN networkS through controller clustering. PATMOS procedures are organized in three phases. The first phase exchanges control messages to identify overloaded controllers, eliminating the dependence on network traffic analysis. The second phase elects the controller with the best performance level to coordinate the mitigation process. The third phase minimizes the effects of DDoS attacks using operational controllers in the network, unlike works that employ external resources. Simulation results show PATMOS reducing the CPU usage rate by 52.39%, increasing throughput 192.74-fold, and decreasing the latency of flow requests to a target controller 2.5-fold.
