Mitigating Distributed-Denial of Service(DDoS) attacks in Software-Defined Networking (SDN)

Abstract

The programmable network has recently considerable under momentum for its emergence idea of the Software-Defined Networking paradigm. SDN capable to support of dynamic
nature for future networks intelligent and function applications with reducing operating cost through simplified software, hardware and management. In the SDN environment the network administrator of organization can built their own policy to manage the network. In starting while developing the SDN, security was not major concern. But due to increasing of DDoS attack year by year, the security requirements are increasing in order to secure SDN. The SDN challenges are performance, security, scalability and interoperability also several vulnerabilities exist. But researchers says DDoS attack itself has major impact over the network. A contradictory relationship exists between SDN and DDoS attacks, on one side it is easy to detect DDoS attacks in SDN but, on other side SDN itself becomes a victim of DDoS attacks and potential DDoS vulnerabilities. But according to researchers the good thing with SDN exists, it is a good tool to detect and react against DDoS attack. In this research work we are showing the DDoS attack growth rate, which is increasing year by year. The world largest DDoS attack happened on 5th march 2018 till now, which was around 1.7 Tbps DDoS attack. Then we are showing SDN architecture, DDoS attack in SDN environment, some available solutions etc. The main aim of our thesis is to mitigate DDoS attack in SDN environment. We used some techniques to detecting and mitigation of DDoS attack in SDN. For simulation of our work we used mininet tool, with created network scenario. We did the simulation of entropy method of DDoS attack detection, controller scheduling to mitigate DDoS attack with different-different scenario and observed the result. We also shown to make a security policy over the controller, so that we traffic will reach to the controller it will detect and react against the traffic. Further for the future directions we discussed on defeating DDoS attacks at application level or on building a tolerant system for DDoS attacks.