6 Implementation of Rule-Based DDoS Solution in Software-Defined Network

Kim Gyoung Tae, Anchit Bijalwan* and Hamza Mutaher

School of Computing and Innovative Technologies, British University, Hanoi, Vietnam

Abstract

This study aims to develop solutions for detecting and mitigating DDoS attacks in a software-defined network (SDN) environment. A background study covers the basic principles and vulnerabilities of SDN. It also discusses which type of DDoS attack SDN is most vulnerable to and which SDN architecture is most vulnerable. Based on this, the study reviews the literature on SDN DDoS solution techniques to identify and discuss their limitations. These include machine learning, statistical, and rule-based mitigation techniques. The methodology describes a rule-based mitigation approach using a static threshold value in the SDN system configuration and discusses the legal and ethical issues associated with it. Testing was also conducted to ensure that the mitigation techniques were well implemented in the SDN environment. The study also discusses the limitations of the proposed techniques, as well as their future scope. Overall, this study contributes to the understanding of the SDN concept and the effectiveness of the proposed rule-based DDoS mitigation approaches against attacks based on their vulnerabilities.

Keywords: Software defined network, SYN flag DDoS, rule-based approach, static threshold, POX controller

6.1 Introduction

In the past, ...
