IQR-based approach for DDoS detection and mitigation in SDN

作     者：Rochak Swami Mayank Dave Virender Ranga Rochak Swami;Mayank Dave;Virender Ranga

作者机构：Department of Computer EngineeringNational Institute of TechnologyKurukshetraIndia Department of Information TechnologyDelhi Technological UniversityDelhiIndia 

出 版 物：《Defence Technology（防务技术）》 (Defence Technology)

年 卷 期：2023年第25卷第7期

页      面：76-87页

核心收录：

学科分类：0301[法学-法学] 08[工学] 0839[工学-网络空间安全] 0811[工学-控制科学与工程] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：SDN DdoS IQR Controller CPU utilization Packet_in 

摘      要：Software-defined networking(SDN) is a trending networking paradigm that focuses on decoupling of the control logic from the data plane. This decoupling brings programmability and flexibility for the network management by introducing centralized infrastructure. The complete control logic resides in the controller, and thus it becomes the intellectual and most important entity of the SDN infrastructure. With these advantages, SDN faces several security issues in various SDN layers that may prevent the growth and global adoption of this groundbreaking technology. Control plane exhaustion and switch buffer overflow are examples of such security issues. Distributed denial-of-service(DDoS) attacks are one of the most severe attacks that aim to exhaust the controller’s CPU to discontinue the whole functioning of the SDN network. Hence, it is necessary to design a quick as well as accurate detection scheme to detect the attack traffic at an early stage. In this paper, we present a defense solution to detect and mitigate spoofed flooding DDoS attacks. The proposed defense solution is implemented in the SDN controller. The detection method is based on the idea of an statistical measure — Interquartile Range(IQR). For the mitigation purpose, the existing SDN-in-built capabilities are utilized. In this work, the experiments are performed considering the spoofed SYN flooding attack. The proposed solution is evaluated using different performance parameters, i.e., detection time, detection accuracy, packet_in messages, and CPU utilization. The experimental results reveal that the proposed defense solution detects and mitigates the attack effectively in different attack scenarios.