Implementation of an SDN-based Security Defense Mechanism Against DDoS Attacks

Hsiao-Chung LIN, Ping WANG

Abstract


Although mobile devices and IoT devices with an SDN (Software Defined Networking) architecture for cloud appliances have improved the convenience of our daily lives, they also pose a threat to network attacks, including DDoS (distributed denial-of-service) attacks. Consequently, these attacks make their service unavailable to its intended users and cause the improper disclosure or sharing of information. Accordingly, this paper implements an SDN-based information security defense mechanism (ISDM) incorporating three OpenFlow management tools with sFlow standard for network intrusion detection system (NIDS), to perform anomaly detection, mitigation and reduce the loss caused by the DDoS attack. The experimental results proved that the SDN controller enables a defender to response to discover the security threats and develop mitigation strategies for DDoS attacks by using behavioural analysis with logs collecting from Openflow switches.

Keywords


Software-defined Networking, DDoS attack, NIDS, OpenFlow

Publication Date


2016-12-02 00:00:00


DOI
10.12783/dtem/iceme-ebm2016/4183

Refbacks

  • There are currently no refbacks.