FMD: A DoS mitigation scheme based on flow migration in software-defined networking

Software-defined networking (SDN) emerges as the next generation of networking architecture, aiming to improve the network manageability and adaptability. However, because of the centralized control policy, SDN is liable to suffering from the denial of service attack in both the data plane and the control plane. To resist the attack and prevent the network from being paralyzed, we propose a novel mitigation scheme named flow migration defense, which uses a slave controller as a substitution to endure flooding requests mitigated from the master controller. Considering the special case that the normal requests may be regarded as the malicious ones, these requests are reforwarded back to the master controller on the basis of the round-robin scheduling. To prevent the master controller from being flooded by the reforwarded requests, we design the adaptive rate adjustment method to adjust the reforwarding rate. Compared with multilevel feedback queue and FloodDefender, simulations demonstrate that flow migration defense can mitigate the SDN-aimed denial of service attack efficiently with a better performance in terms of request response time, packet loss rate, and mitigation time.