Abstract

Software Defined Networking (SDN) introduces the idea of a “programmable network”, which provides flexibility and simplicity and speeds up implementation. The core idea behind the SDN architecture is the separation of the control plane from the data plane. By separating these planes, the controller gets a total view of the network while the packet forwarding decisions are pushed down to the switches. Thus the controller abstracts the complexity of the network. Unfortunately, this functionality of SDN also makes it a target of one of the most popular types of DDoS attack, the TCP SYN flood attack. A TCP SYN flood attack is generally carried out to degrade server resources. In SDN, it makes the controller a single point of failure by causing the switch to forward packets to the controller, which depletes the controller's resources. In addition, it also causes a data plane saturation attack. To address this challenge, in this paper we propose SRL, a competent and streamlined framework for mitigating the TCP SYN flood attack. SRL is implemented in the controller. It uses two modules, a hashing module and a flow aggregator module, to overcome this attack. We implemented SRL in the Floodlight controller under various attack and normal traffic scenarios. Results show that SRL has only a minor impact on SDN controller operations.
