Professional Documents
Culture Documents
Paper For SDN
Paper For SDN
STUDENT (IT), PCE PANVEL STUDENT (IT), PCE PANVEL FACULTY, PCE PANVEL
threats ifacing ithe iInternet. iIt iis ia ikey iresearch itopic iin
ithe isecurity ifield ito idetect iDDoS iattacks iaccurately iand
Abstract: iquickly. iSDN iis ian iemerging inetwork iinnovation I
architecture ithat iseparates ithe inetwork idata iplane iand ithe
Software Defined Networking (SDN) is a new approach for
icontrol iplane iwhich ihas ithe icharacteristics iof inetwork
the design and management of computer networks. The main
iprogrammable, icentralized imanagement icontrol, iand
concept behind SDN is the separation of the network’s control
iinterface iopening.
and forwarding planes with the control plane moved to the
centralized controller. In SDN networks with the centralized Network iattackers iattack inetwork ibandwidth, isystem
controller structure DDoS attacks can easily exhaust the iresources, iand iapplication iresources, ito iachieve ithe
computing and communication resources, thus, breaks down ieffect iof idenial iof iservice iattacks. iDDoS iattacks ishow
the network within a short time. Since SDN networks are used ithe iincreasing iscale iof iattack; ithe iattack imode iis imore
mainly in large data centres with many switches, it is critical iintelligent. iThe idifficulties iof iDDoS iattack idetection iare
to also find the targeted parts of the network through the ias ifollows: ithe iattack itraffic icharacteristics inot ibeing
detection process. This will reduce the time required to carry ieasy ito iidentify; ithe ilack iof icollaboration ibetween ithe
out a mitigation measure. Controllers are usually designed icoherent inetwork inodes; i ithe ichange iof ithe iattack itool
with backups and also are very powerful devices with huge ibeing istrengthened, iwith ithe ithreshold iof iits iuse
amounts of memory but the resources in the switches are idecreasing; ithe iwidely iused iaddress ifraud imaking iit
much more limited. This makes the switches to be more idifficult ito itrace ithe isource iof ithe iattack; i ithe iduration
susceptible against these types of attacks and hence it is very itime iof iattack ibeing ishort iand iresponse itime ibeing
important to have quick provisional methods in place to ilimited.
prevent the switches from breaking down as soon as the first
signs of an attack are detected. It is also very important to Distributed idenial-of-service i(DDoS) iattacks ihave ibeen ia
design the detection method as lightweight as possible to ireal ithreat ifor inetwork, idigital, iand icyber iinfrastructure
prevent putting any extra load on the controller. i.These iattacks iare icapable ito icause imassive idisruption
iin iany iinformation icommunication itechnology i(ICT)
Keywords: iinfrastructure iThere icould ibe inumerous ireasons ifor
ilaunching iDDoS iattacks. iThese iinclude ifinancial igains i,
Software defined networking - SDN, DDoS attacks,
ipolitical igains i,mand idisruption i.DDoS iattacks ican
OpenFlow, DDoS mitigation
iparalyze inetworks iand iservices iby ioverwhelming iservers,
Introduction: inetwork ilinks, iand inetwork idevices i(routers, iswitches,
ietc.) iwith iillegitimate itraffic. iThey ican ieither icause
With ithe icontinuous idevelopment iof inetwork itechnology, idegradation iof iservice ior ia icomplete idenial iof iservice
ithe iceaseless iexpansion iof inetwork ibusiness ineeds, iand iresulting iin ihuge ilosses. iIncreasing ireliance ion iInternet
irapid igrowth iof ithe iInternet ieconomy iin ithe iInternet iand idata icenters ihas iaggravated ithis iproblem. iThe
iage, ithe iservices iof inetwork iwith iimportant ibusiness igrowing idependence iof icritical iinfrastructure iof ia
iand iindustry iinformation ihave ibeen ispread ito ithe icountry iin iICT ihave igiven irise ito ithe ineed iof iefficient
iproduction iand ilife iof icurrent isociety. iThe iemergence iof isolutions ifor iprotection iagainst iDDoS iattacks iFor
iDDoS iattacks ican ilead ito iabnormalities iin ithe irelated iinstance, idata icenters irunning icritical iservices, isuch ias
inetwork iservices, icausing ihuge ieconomic ilosses iand ismart igrid, ineed ito ibe iprotected iin iorder ito icontinue ito
ieven icausing iother icatastrophic iconsequences. iDDoS iprovide ihighly ireliable iservices.
iattacks iare ione iof ithe iserious inetwork isecurity
With irecent iadvancements iin isoftware-defined inetworking
i(SDN) iand iits irapid iand iwide-scale iacceptance iin ithe
inetwork icommunity, imany iresearchers ihave ibeen
I iactively iinvolved iin ideveloping iSDN-based inetwork
1
isecurity isolutions. iSDN-based isolutions ihave iattracted
imore iattention isince itheir iadoption iin ilarge-scale iwide
iarea inetworks i.The itechnology ienables idevelopers ito
idirectly iprogram, icontrol, iand imanage inetwork iresources
icentrally ithrough ithe iSDN icontroller. i
Method: data to the tools and export flow data while running.
Conclusion: