Toward secure software-defined networks against distributed denial of service attack

The newly emerged software-defined networking (SDN) paradigm provides a flexible network management by decoupling the network control logic from the data plane, which could effectively resolve many security issues of legacy networks. One of such security issues is distributed denial of service (DDoS) attack, which is a rapidly growing network threat. This is usually performed on a target system to make an online service unavailable to the users. SDN can easily detect the DDoS attack due to the centralized control provisioning and network visibility. At the same time, the changes of fundamental architecture and the developments of various design entities pose a severe DDoS threat to the SDN platform. This paper presents a concise up-to-date review of security concerns of SDN, possible DDoS attack in individual layers of SDN and ongoing research efforts on SDN-enabled DDoS detection solutions. Based on the findings, an information distance-based flow discriminator framework has been discussed, which can discriminate the DDoS traffic during flash events, a similar looking legitimate traffic, in SDN environment. The information distance metric is used to describe the variations of traffic behavior of such events. The simulation results show that the information distance metric can effectively identify the DDoS traffic in comparison with other metrics with a higher detection rate. The proposed solution can detect the traffic at the edge switch so that the attack alert can be raised at the earliest.