SMDMTS – Scalable Model to Detect and Mitigate Slow/Fast TCP-SYN Flood Attack in Software Defined Network

Abstract

Software Defined Network (SDN) is a new model of networking where data plane and controller plane operate separately. Flow table entries in data plane are pushed by controller plane centrally. Data plane has limited space to maintain number of flow table entries. To manage this limitation, each flow entry is associated with idle and hard timeout, so that unused flow entries may be flushed and create space for new entries. This way of managing flow table entries in environment generates opportunity for the attackers to consume available memory in the data plane and CPU usage of controller plane. TCP-SYN half open flood attack, may flood flow table with large number of flow entries in data plane which eventually affects the overall performance of based network infrastructure. In this paper, we have proposed Scalable Model to Detect and Mitigate slow/fast TCP-SYN flood in SDN (SMDMTS) model to detect and mitigate ongoing TCP-SYN flood attack utilizing the analogous traffic behavior. Proposed model is unique in functionality and does not put additional load on controller and data plane. SMDMTS has been tested under various scenarios and encouraging results have been obtained.