Distributed Denial of Service (DDoS) attack on Software Defined
Networks (SDN): A survey
A B M Ahasan Ullah Hussien Dahir
Student ID: 012202043, Student ID: 012203062
Program: MSCSE Program: MSCSE
UIU, Dhaka, Bangladesh UIU, Dhaka, Bangladesh
aullah202043@mscse.uiu.ac.bd habdi203062@mscse.uiu.ac.bd
Abstract— SDN has become a significant networking
concept which already made remarkable changes in network
architectures. As a newly introduced technology, It is offering
exceptional programmability which allows the users to
manage and configure how they want. SDN recommends a
flexible and controlled networking traffic management by its
high programmability of the separated control and data
planes. The main idea of the principal of this method to figure
out the control plane into a central controller guilty of taking
all networking routing decisions. The separation of those
planes gives a centralized point of virtual control in the
system and parrally precise the barriers of main physical
appliances. on the other hand, SDN shows up with new
attacks and difficulties and travels long packet postponement
and huge packet loss ratio when it gets stuck in between
communication of two planes which aimed at DoS/DDoS
attacks with high table miss packets. DoS/DDoS attacks has
always been considered as a big threat for the networks
because of their capabilities to flood switch MAC tbales by
leading to a serious discomfort for the performance of the
network. Here we may study and segregate several research
papers about DoS/DDoS attacks in SDN as well as
technologies refer to it.
Keywords— SDN, DoS, DDoS, Security Architecture
I. INTRODUCTION
Conventional specification of network has endured mostly
unchanged since the past few decades as to be proved
cumbersome. SDN is the appeared architecture idyllic for the
extraordinary bandwidth, vigorous nature of today
application level solutions. It has a dynamic view along with
the quality of easily manageable, adaptability, and cost-
effective. DoS/DDoS is very old attack since the beginning
of the network attacks. We have found that, DoS/DDoS
attack can be also active in case of SDN infrastructure, and it
can attack in different layer of the SDN. In each case, the
whole SDN will be affected. As currently, financial institute,
hospital and others major networks are converting their
traditional network to SDN infrastructure, we find that,
identifying the attack vectors of DoS/DDoS is crucial for the
ultimate utilization of SDN. This is the motivation to choose
this topic.
SDN offers a transparent shift from the normal network
infrastructure by separating the network logic layer, called
the control plane, and also the data layer, called the info
plane, into distinct entities. Such separation delivers some
advantages: it allows the development of network control
systems, which are virtually centralized and directly
programmable; it also reduces network devices; intricacy by
providing management applications an intangible depiction
Md. Faisal Ahmed Shamsher Morshed
Student ID: 012191002, Student ID: 012193030,
Program: MSCSE Program: MSCSE
UIU, Dhaka, Bangladesh UIU, Dhaka, Bangladesh
mahmed191002@mscse.uiu.ac.bd smorshed193030@mscse.uiu.ac.bd
of the network. The control layer correlates with the applying
layer to perform various kinds of network functions that is
routing, load balancing, and intrusion detection, etc. A
network software system installed within the controller maps
the entire network to other services and applications
implemented within the application layer. Network
administrators can achieve high network control automation
and optimization with SDN applications. Among the present
visible representation of the SDN standard, OpenFlow is that
the most generally embraced. More specifically, enterprises
adopt OpenFlow as a communication protocol to build a
secured and efficient communication between switches and
therefore the controller. OpenFlow outlines the precise API
for communication in between the information plane and
control plane; moreover, it initiates the concepts of flows,
identifies network traffic, and also the idea of flow tables.
Each OpenFlow at enabled network device, called OpenFlow
switch, must maintain a flow table organized during a
pipeline. As laid out in the OpenFlow protocol, switches must
forward a packet-in request to the controller after receiving a
replacement packet (an indication of recent flow) that they
are doing not have any corresponding information within the
flow table to forward the packet. Flow tables describe that
OpenFlow switch will perform based on a given network
flow. The control plane has two options to program the flow
tables of the OpenFlow switches, proactively or reactively.
Firstly, the controller will break down the network policies
into few rules for the proactive mode and install them in
switches during the network bootstraps.
On the other hand, For the reactive mode, if the switch
explicitly requests it, then the controller establishes and
compute the rules. It permits switches to acclimate to network
subtleties swiftly and is suitable for environments where
changes occur very frequently in endpoints; location. For this
reason, it’s a significant process in SDN.
DDoS attacks have a lot of variations. Particularly, flooding
based DoS attacks, like ICMP, UDP, and TCP SYN sends the
vast amount of faux packets to the victim, which successively
deletes computing resources like CPU, memory, and network
bandwidth of the target network. for instance, ICMP and
UDP flooding attacks consume the victim bandwidth, while
within the case of TCP SYN flooding, the attacker exhausts
the victim connection table by sending SYN packets. Instead,
the detection of layer 7 or application layer attack is
incredibly much complicated. These application level DoS
flooding attacks some specified application characteristics
like DNS, HTTP, etc.. An example can be like that, a slow
HTTP GET flood are often combined with a UDP flood,
1
which misleads the victim to a UDP attack, while the HTTP
flood slowly depletes the HTTP server resources. DDoS
attacks’ detection in Software Defined Network introduces
three significant challenges; first, an OpenFlow security
application generally implements far more complex logic
rather than simplifying halting or forwarding a flow. Such
applications can integrate stateful flow rule production logic
to apply complex quarantine procedures or malicious
connection migration purposes that may redirect adversarial
network flows in ways which is found hard in perceiving by
the flow participant. Second, OpenFlow security applications
must be adopted supported the controller type. Thus creating
a security application is platform dependent. Third, to date,
it’s quite challenging to spot all possible attack scenarios
which create a focal point on a dynamic environment like
SDN using easy classification techniques.
We have organized the paper in following frameworks,
Section I, Introduction, contains the motivation for the works,
general discussion which contains scope and problem
statement, Section II describes the background of SDN, DoS,
DDoS; SDN working architecture, DDoS attack in SDN
environment, Section III describes the comparative study of
the papers which we have reviewed, as well as a comparison
table, Section IV describes the taxonomy and analysis of the
paper, Section V describes the challenges of the work,
Section VI describes the conclusion and followed by
references at Section VII.
II. BACKGROUND
SDN has security issues, and among them, the most impactful
one is the Denial of Service (DoS) attack. When launched
successfully, the Denial of Service (DoS) attack or the more
deadly ones, the Distributed Denial of Service (DDoS) attack
can halt the complete network by incapacitating the
controller, or can significantly downgrade the network
performance by restricting network components such as a
switch. A typical DoS attack on any network including SDNs
engulfs computing resources and/or network resources
making network devices like routers and switches unable to
perform their usual designated task. An effective DoS attack
can be achieved by overflowing the target infrastructure with
a huge number of requests to execute.
A. SDN Architecture
Some key features of SDN include the capability of
configuring virtual networks, dynamic policy enforcement
for networks, and a wider control for managing networks
through a well laid out centralized console. The overall
operational cost is also significantly lower than in
conventional ways. It isolates the control logic from the
network devices (switches and routers) aiming at substituting
the conventional networks. Centralized control plane puts an
extra burden on administrators ensuring overall network
security and usual functionality. Compromised network
objects can be a source to repossess delicate information
regarding network structure and users. That information can
later be used for unauthorized activities such as bringing the
network down.
The architecture of SDN is a layered approach, as shown in
figure 1. [1] A detailed diagram is also displayed in figure 2.
[2], SDN has three layers – i) (Network) Application layer,
ii) Control layer and iii) Infrastructure or data forwarding
layer. The application layer and the control layer
communicate between them using the Northbound API. The
control layer and the data forwarding layer communicates
using the Southbound API. OpenFlow protocol is the most
common form of Southbound API in use. Different layers of
SDN along with their various components and functions are
briefly
stated below –
Network Application(s)
Open northbound API
Controller Platform
Open southbound API
Network Infrastructure/Data Forwarding
Figure 1: SDN Architecture
• (Network) Application Layer – This layer facilitates
user application interacting with the network. It also
provides standard services, for example, creating,
discharging and terminating communication with
each other, and any specific services that
applications use.
• Control Layer – This layer hosts the main core of the
network, the controller. This layer forwards the
information to the application layer as needed.
Applications of SDN are built-in within the
application layer as per the information provided by
the controller. The controller interprets the
requirements of applications, regulate different
elements of the network and deliver necessary
information to SDN applications. Additionally, the
controller may shape the needs of competing
2
 Only two pages were converted.
Please Sign Up to convert the full document.

www.freepdfconvert.com/membership