论文信息 - Time-based DDoS detection and mitigation for SDN controller

Time-based DDoS detection and mitigation for SDN controller

A Software Defined Network (SDN) is a new paradigm in network management that separates control plane and data plane. A control plane has an important role in managing the whole networks. Since SDN introduces control plane as the manager of the network, it also introduces the single point of failure. When SDN controller is unreachable by the network devices, the whole networks will collapse. One of the attack methods that can make SDN controller unreachable is DDoS attack. This paper reports our initial step of our research to develop the method for DDoS attack detection and mitigation for SDN controller. The method considers the time duration of DDoS attack detection and attacks time pattern of DDoS attack to prevent the future attack. In this paper, we present the potential vulnerabilities in SDN controller that can be exploited for DDoS attack and discuss the methods to detect and mitigate DDoS attack.

[1] Marc St-Hilaire,et al. Early detection of DDoS attacks against SDN controllers , 2015, 2015 International Conference on Computing, Networking and Communications (ICNC).

[2] Rodrigo Braga,et al. Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[3] Deokjai Choi,et al. Utilizing OpenFlow and sFlow to Detect and Mitigate SYN Flooding Attack , 2014 .

[4] A. Neeraja,et al. Licensed under Creative Commons Attribution Cc by Improving Network Management with Software Defined Networking , 2022 .