Towards DDoS detection mechanisms in Software-Defined Networking

Software-Defined Networking (SDN) is widely considered as one of the next generation network architecture. However, SDN faces with a series of issues which restraint its development and application, where the security is one of the serious issues. The Distributed Denial of Service (DDoS) is such a devastating security problem. In this work, a comprehensive review of the DDoS detection mechanisms utilized in SDN is presented. DDoS attacks in SDN are classified into two types and five subtypes based on the features of DDoS and SDN. For each kind of DDoS, how the attackers can exploit the vulnerabilities of SDN to launch DDoS attacks is discussed. Subsequently, the DDoS detection mechanisms used in SDN are reviewed and categorized into five types and forty-six subtypes. These kinds of DDoS detection mechanisms are compared and analyzed, where we draw a conclusion that the machine learning-based DDoS detection mechanisms and threshold-based DDoS detection mechanisms are the two most popular technologies utilized to detect DDoS attacks in SDN. More importantly, for each kind of DDoS detection mechanism, the generational process, advantages, and disadvantages are discussed. Additionally, the open problems and future directions of DDoS detection in SDN are discussed. By presenting these review, discussion and analysis, we hope it can facilitate the understanding of DDoS detection in SDN.