Collaborative Detection and Mitigation of Distributed Denial-of-Service Attacks on Software-Defined Network

This paper presents a collaborative technique to detect and mitigate Distributed Denial-of-Service (DDoS) flooding attacks on Software-Defined Network (SDN). This technique integrates sflow-RT application and Snort rules for the detection of DDoS traffic flows in an SDN controller. Redis Simple Message Queue (RSMQ) acts as a mechanism to share DDoS detection and mitigation rules among multiple Ryus SDN controllers. The rule-sharing allows a reduction of the controller’s overhead for processing DDoS detection and mitigation. The experimental results show that using the RSMQ mechanism can significantly detect and prevent DDoS attacks detection across multi-controller domains. It also provides early detection and mitigation of DDoS at lower controller overhead.