Detection and Mitigation of ICMP-based DDoS in Software Defined Networks

ICMP-based distributed denial of service (DDoS) attacks significantly impact the reliability and security of software-defined networks (SDN). Our research focuses on efficiently distinguishing between regular and malicious ICMP network traffic in SDN through a two-level detection system. The first layer employs a dynamic threshold-based model, while the second layer utilizes Hoeffding trees. Furthermore, we propose a mitigation paradigm that integrates dynamic blacklisting with blackhole routing, effectively addressing current risks and enhancing network resilience against future attacks. Extensive simulations demonstrate performance improvements, with accuracy increasing from 89% to 96%-an 7% rise over the simulation period. Additionally, false negatives and false positives were reduced by 49% and 36%, respectively. Our approach improves the detection and response to ICMP-based DDoS attacks and outperforms traditional methods, marking a significant advancement in SDN security and the management of complex cyber threats.