Separating Monitoring from Control in SDN to Mitigate DDoS Attacks in Hybrid Clouds

Abstract

Background & Objective: Detecting and mitigating Distributed Denial of Service (DDoS) attacks is a serious problem. In addition, new features and network deployments such as Software- Defined Networking (SDN) may open the door for new threats that did not previously exist. : Recent publications and patent are reviewed to find new techniques developed for integrating different mechanisms to secure networks against DDoS. Methods: This work presents a simple model for integrating different mechanisms to secure both SDN and legacy network in a hybrid cloud environment, it is called FocusON. It aims at mitigating DDoS attacks of a victim network. In addition, separating network monitoring from its control aims at mitigating DDoS attacks of a victim network. Traffic pattern analysis is apart from attack detection mechanism that gives a conceptual representation of a specific kind of DDoS attacks. DDoS detection is a completely automated process. Once called, for the reaction, the active response will be taken against the real IP source of the attacker. : The communication time overhead was tested in order to evaluate the remote server response time in case of deploying our proposed model mechanisms and without our proposed model. : Here we introduce a response mechanism that consists of an analysis of event logs, traffic patterns, and IP traceback. The proposed model categorizes the underlying network according to the location into a victim network and the source of attack (public cloud). Results & Conclusion:: The proposed model implemented in a hybrid cloud environment using the network of SDN and legacy network. The experimental setup was built using our network lab connected to the Amazon public cloud.