Impact Analysis and Features for DDOS Attacks Detection in SDN

Abstract

The goal of Distributed Denial of Service
(DDOS) attacks is to make the network
resources of its victim inaccessible and
ultimately unusable. DDOS attacks in
Software Defined Networks (SDN) are
growing in strength and sophistication trying
to exploit the programmability and
centralized control features in the SDN
Architecture among its other advantages.
SDN can be viewed as a single point of failure
by the attackers to carry out their malicious
activities due to the centralized control nature
of the SDN which was achieved by separating
the Control plane from the Data plane.
However, it also facilitates network
monitoring, management and also anomalies
detection which could be used by data
centers, IT Facilities and businesses to deploy
a robust, cost-effective and more secure
network. Hence, SDN has gained wide
attention from researchers, academia and
businesses.
In this study, behavioral analysis of DDOS
attacks in SDN is conducted to show how the
various forms of DDOs attacks affect the SDN
layers as well as ascertain features that could
aid in its detection. This was achieved by
launching various forms of traditional DDOS
attacks on the SDN environment, monitoring
and collecting the network flow and port
statistics. The collected statistics were used to
analyze trends of the attacks in SDN, and
some of the network parameters that were
evident during attacks were shown. A similar
pattern of behavior was also seen among all
the DDOS attacks and hence has similar
features that could be used to design various
techniques of detection for SDN.