Mitigation of DDoS attack instigated by compromised switches on SDN controller by analyzing the flow rule request traffic

Software Defined Network (SDN) is a new network architecture which separates the data plane from the control plane. The SDN controller implements the control plane and switches implement the data plane. Many papers discuss about DDoS attacks on primary servers present in SDN and how they can be mitigated with the help of controller. In our paper we show how DDoS attack can be instigated on the SDN controller by manipulating the flow table entries of switches, such that they send continuous requests to the controller and exhaust its resources. This is a new, but one of the possible way in which a DDoS attack can be performed on controller. We show the vulnerability of SDN for this kind of attack. We further propose a solution for mitigating it, by running a DDoS Detection module which uses variation of flow entry request traffic from all switches in the network to identify compromised switches and blocks them completely.

[1]  G. Safko Defending against Denial of Service Attacks using a Modified Priority Queue: Bouncer , 2006, Proceedings of the IEEE SoutheastCon 2006.

[2]  Hossam S. Hassanein,et al.  Proactively defeating distributed denial of service attacks , 2003, CCECE 2003 - Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436).

[3]  Marc St-Hilaire,et al.  Early detection of DDoS attacks against SDN controllers , 2015, 2015 International Conference on Computing, Networking and Communications (ICNC).

[4]  Paul Goransson,et al.  Software Defined Networks: A Comprehensive Approach , 2014 .

[5]  Kornchawal Chaipah,et al.  A Security Analysis of a Hybrid Mechanism to Defend DDoS Attacks in SDN , 2016 .

[6]  MyungKeun Yoon Using whitelisting to mitigate DDoS attacks on critical Internet sites , 2010, IEEE Communications Magazine.