Impact Analysis and Features for DDOS Attacks Detection in SDN

Abstract

The goal of Distributed Denial of Service (DDOS) attacks is to make the network resources of its victim inaccessible and ultimately unusable. DDOS attacks in Software Defined Networks (SDN) are growing in strength and sophistication trying to exploit the programmability and centralized control features in the SDN Architecture among its other advantages. SDN can be viewed as a single point of failure by the attackers to carry out their malicious activities due to the centralized control nature of the SDN which was achieved by separating the Control plane from the Data plane. However, it also facilitates network monitoring, management and also anomalies detection which could be used by data centers, IT Facilities and businesses to deploy a robust, cost-effective and more secure network. Hence, SDN has gained wide attention from researchers, academia and businesses. In this study, behavioral analysis of DDOS attacks in SDN is conducted to show how the various forms of DDOs attacks affect the SDN layers as well as ascertain features that could aid in its detection. This was achieved by launching various forms of traditional DDOS attacks on the SDN environment, monitoring and collecting the network flow and port statistics. The collected statistics were used to analyze trends of the attacks in SDN, and some of the network parameters that were evident during attacks were shown. A similar pattern of behavior was also seen among all the DDOS attacks and hence has similar features that could be used to design various techniques of detection for SDN.