The research problem is “how to mitigate DDoS attacks aimed at SDN in an OpenFlow network.”
Some solutions exist to detect and mitigate DDoS attacks under SDN, but they have limitations. Currently no solution exists that can effectively detect and mitigate DDoS attacks under SDN; the solutions that do exist are designed mainly for legacy networks.
In OpenFlow networks, the controller in the control plane commands the actions of the whole network by installing flow rules on the data plane. In SDN, switches do not decide on their own how to process incoming packets. After receiving a packet, an OpenFlow switch processes it based on the flow rules in its flow table. The switch looks for a match for the incoming packet in its flow table, and if there is none, a corresponding packet_in message is sent to the controller for processing. The controller is the central decision-making entity of the SDN: it decides how a new packet is to be processed and whether the switch will forward or drop it. Through this procedure SDN separates the control plane from the data plane. SDN builds up the network by making it programmable, and its global control decreases the cost of implementation.
From the security perspective, SDN provides a central view of the whole network, which makes it easy to implement rules. The strength of SDN, its central management, may in the worst case become its weakness. If the connection between the switches and the controller is broken, the network will not be able to process packets; if the controller is lost, the SDN architecture is lost.
There are various attacks that hackers can carry out to disrupt the SDN architecture, and the DDoS attack is one of them: it can cause the controller to become unreachable. In a DDoS attack, a large number of packets are sent to a host or a group of hosts in the network with some or all fields of each packet forged, so that the packets are unlikely to match any existing flow rule in a switch. Since the victim switch finds no match, it has to forward each packet to the controller. The controller is overwhelmed by these bogus packets, slows down, and the services of legitimate users are jammed.
A DDoS attack also jams the bandwidth between the controller and a switch by generating a large number of flow-table-miss packets from the switch. It further overloads a switch’s flow tables by causing unusable rules to be installed, and consumes computational resources through the processing of packet_in messages. The whole system degrades when the memory of the switch is exhausted by the processing of bogus packets.
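The switch lookup and packet_in behaviour described above, together with one controller-side way of noticing the resulting flood of table misses, as an added Python example that is not part of this proposal; the flow table, the traffic and the rate-plus-source-entropy threshold heuristic are all constructed assumptions, not a scheme from the cited literature:

```python
import math
from collections import Counter, deque

# Constructed flow table: match fields (absent field = wildcard) -> action.
FLOW_TABLE = [
    ({"dst_ip": "10.0.0.5", "dst_port": 80}, "output:3"),
    ({"src_ip": "10.0.0.1"}, "output:2"),
]

def switch_lookup(pkt, table=FLOW_TABLE):
    """First matching action, or None on a table miss (packet_in to controller)."""
    for match, action in table:
        if all(pkt.get(k) == v for k, v in match.items()):
            return action
    return None

class PacketInMonitor:
    """Controller-side heuristic (assumed for this example, not a published scheme):
    alert when the packet_in rate over a sliding window is high AND the window's
    source IPs are highly dispersed (forged fields); one busy host has low entropy."""
    def __init__(self, window=1.0, rate_limit=50, entropy_limit=3.0):
        self.window, self.rate_limit, self.entropy_limit = window, rate_limit, entropy_limit
        self.events = deque()  # (timestamp, src_ip) of recent table misses

    def observe(self, ts, src_ip):
        self.events.append((ts, src_ip))
        while self.events and ts - self.events[0][0] > self.window:
            self.events.popleft()

    def src_entropy(self):
        counts = Counter(ip for _, ip in self.events)
        n = sum(counts.values())
        return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

    def is_attack(self):
        rate = len(self.events) / self.window
        return rate > self.rate_limit and self.src_entropy() > self.entropy_limit

def run(packets):
    """Pass constructed packets through the switch model; return (alerts, misses)."""
    mon, alerts, misses = PacketInMonitor(), 0, 0
    for pkt in packets:
        if switch_lookup(pkt) is None:  # table miss -> packet_in
            misses += 1
            mon.observe(pkt["ts"], pkt["src_ip"])
            alerts += mon.is_attack()
    return alerts, misses
# Constructed traffic: five packets of one legitimate flow, then 200 packets with
# forged, all-different source addresses arriving within half a second.
LEGIT = [{"ts": i * 0.1, "src_ip": "10.0.0.1", "dst_ip": "10.0.0.5", "dst_port": 80} for i in range(5)]
FLOOD = [{"ts": 5 + i * 0.0025, "src_ip": f"172.16.0.{i}", "dst_ip": "10.0.0.9", "dst_port": 1000 + i} for i in range(200)]
```

A legitimate host that opens many new flows at once also produces table misses, but its low source entropy keeps it below the alert condition, which is the false-positive case the objectives below ask a technique to handle.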
The various attack points in SDN are as mentioned by Dayal et al.:
interface (OpenFlow protocol)
bound – east-bound interface.
The focus of the work will be on the control plane under OpenFlow specifications.
The main techniques for attack detection are Bawany.
and OpenFlow Integrated
A suitable approach from the above techniques will be used for attack detection.
An SDN-based framework will be implemented with OpenFlow specifications.
of some traffic generation tools to generate legitimate and illegitimate
Conclusion and Scope for Further Work
In the present work, a number of objectives have been set to accomplish the principal aim, as follows:
1. To propose a technique to detect legitimate and illegitimate packets related to DDoS attacks in SDN.
2. The technique will be effective in handling the false-positive and false-negative cases.
3. To develop a technique to mitigate the attacks.
4. The technique will be able to prevent DDoS attacks from within the network as well as from outside the
5. The technique will be implemented within the SDN architecture at a low deployment cost.