Protection of the Control Plane from DDoS Attacks in Software-Defined Networks

Protection of the Control Plane from DDoS Attacks in Software-Defined Networks

연구 분야: Networking

학회: 2022 International Conference on Modern Network Technologies (MoNeTec)

In software-defined networks key network management functions are concentrated in the network operating system (or SDN controller) with a set of network applications, which is running on a dedicated server. Controller supports and monitors an actual global network view that includes the state of network devices. Based on global network view, controller is carrying out the logically centralized management of network devices and data flows in the network. In this paper we are considering the problem of controller instance protection from DDoS attacks in distributed control plane of software-defined networks. We propose a protection method based on monitoring and analyzing host behavior in the network. Method controls the dynamics of the malicious activity of infected hosts and changes in the network topology. The proposed method allows detecting a DDoS attack, suspending the attack and eliminating the consequences of the attack in the network. We have implemented the proposed method as an application for the RUNOS SDN/OpenFlow controller.