IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v10y2018i3p23-d133699.html
   My bibliography  Save this article

SDN Based Collaborative Scheme for Mitigation of DDoS Attacks

Author

Listed:
  • Sufian Hameed

    (IT Security Labs, National University of Computer and Emerging Sciences (FAST-NUCES), Karachi 75030, Pakistan)

  • Hassan Ahmed Khan

    (IT Security Labs, National University of Computer and Emerging Sciences (FAST-NUCES), Karachi 75030, Pakistan)

Abstract

Software Defined Networking (SDN) has proved itself to be a backbone in the new network design and is quickly becoming an industry standard. The idea of separation of control plane and data plane is the key concept behind SDN. SDN not only allows us to program and monitor our networks but it also helps in mitigating some key network problems. Distributed denial of service (DDoS) attack is among them. In this paper we propose a collaborative DDoS attack mitigation scheme using SDN. We design a secure controller-to-controller (C-to-C) protocol that allows SDN-controllers lying in different autonomous systems (AS) to securely communicate and transfer attack information with each other. This enables efficient notification along the path of an ongoing attack and effective filtering of traffic near the source of attack, thus saving valuable time and network resources. We also introduced three different deployment approaches i.e., linear, central and mesh in our testbed. Based on the experimental results we demonstrate that our SDN based collaborative scheme is fast and reliable in efficiently mitigating DDoS attacks in real time with very small computational footprints.

Suggested Citation

  • Sufian Hameed & Hassan Ahmed Khan, 2018. "SDN Based Collaborative Scheme for Mitigation of DDoS Attacks," Future Internet, MDPI, vol. 10(3), pages 1-18, February.
    • Handle: RePEc:gam:jftint:v:10:y:2018:i:3:p:23-:d:133699
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/10/3/23/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/10/3/23/
    Download Restriction: no
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Etxezarreta, Xabier & Garitano, IƱaki & Iturbe, Mikel & Zurutuza, Urko, 2023. "Software-Defined Networking approaches for intrusion response in Industrial Control Systems: A survey," International Journal of Critical Infrastructure Protection, Elsevier, vol. 42(C).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:10:y:2018:i:3:p:23-:d:133699. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.