Syn flooding attack detection and mitigation in SDN

Abstract

Software-defined networking separates network architecture into logical control layer and data forwarding layer with the aim of providing high flexibility, agility, and security. Although it manages the whole network from the controller with the ease of programmability, many security issues still exist in SDN architecture. Attacker's target can be at the various layers of SDN by DDoS attack. Defining threshold in detection and mitigation of the attack is one of the most important issues. Existing researches emphasize the detection of DDoS attack with various mechanisms in SDN infrastructure. This paper provides a simple mechanism for both detection and mitigation of common type of DDoS attack, SYN flooding attack via sFlow analyzer with dynamic threshold calculated by using adaptive threshold algorithm. It uses own generated network traffic consisting both normal and attack traffic and shows that how the calculated dynamic threshold adapts the incoming traffic. It also evaluates the performance of the detection and mitigation mechanism by detection rate, false alarm rate, false negative rate, and accuracy in order to prove our proposed systemcan timely detect and reasonably mitigate DDoS attack.