DeMi: A Solution to Detect and Mitigate DoS Attacks in SDN

Software-defined networking (SDN) is becoming more and more popular due to its key features of scalability and flexibility, simplifying network management and enabling innovations in the network architecture and protocols. In SDNs, the most crucial part is the controller, tasked with managing the entire network and configuring routes. Given its critical role, a failure or problem occurring at the controller may degrade and even collapse the entire SDN. A typical threat controllers are subject to is a Denial of Service (DoS) attack. To cope with the above-introduced threat, in this paper we propose a lightweight DoS attack detection and mitigation method (DeMi) as well as a heavy-load management module. The proposed solution for detection leverages a sample entropy approach coupled with an adaptive dynamic threshold considering an exponentially weighted moving average (EWMA); the mitigation approach is based on proof of work (PoW) combined with flow rule installations; and, the heavy-load management method implements a scheduling approach at the SDN controller. Results are staggering: for instance, when DeMi is deployed, in an attack scenario the number of exchanged control packets is roughly similar to the attack-free scenario-without DeMi, the number of control packets in the network is 2,7 times more than what experienced in an attack-free setting. As per the number of re-transmitted packets, again, DeMi is able to achieve a re-transmission rate similar to an attack-free scenario-without DeMi the of packets that need to be re-transmitted is roughly 3,7 times the number of packets re-transmission occurring in an attack-free scenario. Moreover, DeMi does not block legitimate traffic, contrary to other solutions in the literature. The novelty of the approach, the demonstrated complete end-to-end solution, and the quality of the achieved experimental results, other than being interesting on their own, do pave the way for further research in this field.