Yubaraj Gautam, Kazuhiko Sato, B. P. Gautam, N. Shiratori
Title: Novel Firewall Application for Mitigating Flooding Attacks on an SDN Network
Published in: 2021 International Conference on Networking and Network Applications (NaNA), 2021-10-01
DOI: 10.1109/NaNA53684.2021.00084 (https://doi.org/10.1109/NaNA53684.2021.00084)
Citations: 3
Abstract
A software-defined network (SDN) is an emerging network technology that can augment the data plane with a control plane using programming techniques. However, there are certain security challenges that must be addressed to achieve secure communication. Flooding attacks have been one of the most common threats on the internet since the last decade, and they have become a challenge for SDNs as well. To address this issue, we have proposed a novel firewall application, which has been developed based on multiple stages of the packet filtering technique and provides layer-based security and a flood attack prevention system. The proposed application mainly comprises two security entities: one provides layer-based security, while the other has been designed specifically for preventing and mitigating flooding attacks. The layer-based packet filtering technique applied in the proposed system filters all types of unwanted packets using the layer-based (layers 2, 3, and 4) packet header entity. Meanwhile, the flooding attack prevention system functions by counting the number of packets and their sizes. The proposed solution was tested for different attack scenarios; it was able to prevent 74.12% of flooding attacks when flooding attacks were conducted in an SDN.