Detection and Mitigation of Malicious DDoS Floods in Software Defined Networks
preprint
OA: closed
CC-BY-4.0
Abstract
Abstract Software-defined networking (SDN) has revolutionized network management by providing modular control and data plane attributes for flexible network management. It implies the concept of separating the control and data plane attributes for flexible network management. However, centralized management due to control plane separation in SDN also exposes it to cyber threats such as Distributed Denial-of-service (DDoS) attacks that can compromise the SDN controllers. In recent research, entropy-based attack detection approaches showed much significance among other detection methods but relying on entropy itself can neglect detection in several variables such as variations in flow specification. Based on these limitations, in this work, we have designed a DDoS attack detection framework inside the SDN control plane by integrating the packet flow initiation and its specifications properties with entropy-based algorithm to ensure correct measures of attack detection. The simulation is performed on Mininet network simulator, for implementing SDN architecture and the testbed is created on UDP flood attacks on commonly used data-centric tree topologies. Based on experimentation, this lightweight framework is designed to mitigate DDoS attacks by detecting its effects in the early stages to prevent SDN controller being hijacked due to immense packet flooding Based on the results, the proposed solution assures the SDN-based DDoS attack detection and mitigation under 150 packets maintaining significantly low detection time and high accuracy.accuracy.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.
References (20)
- doi:10.1109/comst.2021.3060582 via crossref
- doi:10.3390/app11156999 via crossref
- doi:10.1002/sec.1737 via crossref
- doi:10.1007/s10586-020-03134-x via crossref
- doi:10.1109/access.2019.2932422 via crossref
- doi:10.4018/ijbdcn.2020010103 via crossref
- doi:10.1145/3190617 via crossref
- doi:10.1007/s12243-018-0629-4 via crossref
- doi:10.1109/tnsm.2017.2741258 via crossref
- doi:10.1109/tnsm.2020.2973621 via crossref
- doi:10.1016/j.future.2021.03.011 via crossref
- doi:10.1109/access.2019.2922196 via crossref
- doi:10.1109/mc.2017.201 via crossref
- doi:10.1109/elconrus51938.2021.9396272 via crossref
- doi:10.1007/s10922-017-9432-1 via crossref
- doi:10.1109/services.2019.00051 via crossref
- doi:10.1109/tnet.2020.2983976 via crossref
- doi:10.1155/2022/2593672 via crossref
- doi:10.1007/s10922-017-9432-1 via crossref
- doi:10.1007/s11235-020-00747-w via crossref
Source provenance
- crossref
- last seen: 2026-06-05T01:00:38.745440+00:00
- europepmc
- last seen: 2026-05-19T01:45:01.086888+00:00
- unpaywall
- last seen: 2026-05-22T02:00:06.705733+00:00
License: CC-BY-4.0