S. R, Ashutosh Pattanaik, Anshul Gupta, A. Kanavalli
DOI: 10.1109/DISCOVER47552.2019.9007925 (https://doi.org/10.1109/DISCOVER47552.2019.9007925)
Venue: 2019 IEEE International Conference on Distributed Computing, VLSI, Electrical Circuits and Robotics (DISCOVER)
Publication date: 2019-08-01
Citations: 2
Early Detection and Diminution of DDoS attack instigated by compromised switches on the controller in Software Defined Networks

Abstract

Software Defined Networks (SDN) provide separation of the data plane and the control plane, which can be used to implement various network solutions such as traffic engineering, intrusion detection, load balancing, etc. However, there are a few issues relating to SDN that need to be addressed, one of them being Distributed Denial of Service (DDoS) attacks on the centralized controller. Many researchers have contributed various solutions for identifying and mitigating such attacks. However, intruders often find new ways of performing such DDoS attacks, and hence the detection of such attacks takes more time and resources. In this paper, the aim is to demonstrate how a DDoS attack can be initiated on an SDN controller by compromised switches whose idle and hard timeout values are manipulated so that they send repeated flow table entry requests to the controller. Furthermore, a solution is proposed to detect such an attack by the second repeated request and mitigate it immediately. This solution is highly efficient, as the attack is detected instantly instead of by calculating a threshold on the number of flow entry requests to decide whether the traffic is attack traffic or genuine.