A Fault Tolerant Multi-Controller Framework for SDN DDoS Attacks Detection

Document Type : Original Article


1 Ph.D. Candidate, Computer Engineering, Faculty Engineering, Ferdowsi University of Mashhad, Iran

2 Faculty of Electrical and Computer Engineering, University of Tabriz, Tabriz, Iran


Network communication shows a variety of issues with the fast expansion of computer devices, ranging from network administration to traffic engineering. A well-known method for improving these connections is Software-Defined Networking (SDN). The SDN is a networking architecture that separates the control plane from the data plane to ease network administration. The main advantage of the SDN is the central controller. However, it has security flaws like unreachability in Distributed Denial-of-Service attacks (DDoS). Hence, defending SDN against DDoS attacks is critical. We proposed a framework for detecting DDoS attacks and a fault-tolerant method to replace faulty leader controller in distributed multi-controller SDN. We used multi-controllers architecture and leader election algorithm to present a fault-tolerant framework to select a new leader controller, in the case of a leader controller failure. In addition, an early DDoS attack detection algorithm using the entropy of destination IP addresses and the packet window initiation rate is presented. To evaluate our proposed method in various configurations, we simulated exhaustive experiments in Mininet and Floodlight. The results show that our approach outperforms similar algorithms in various network configurations and multi-victim attacks.


Main Subjects

  • Kreutz, F. M. V. Ramos, P. E. Verissimo, C. E. Rothenberg, S. Azodolmolky, and S. Uhlig, “Software Defined networking: A comprehensive survey,” Proc. IEEE, vol. 103, no. 1, pp. 14–76, 2015.
  • Tariq, M. Hong, and K. Lhee, “A comprehensive categorization of DDoS attack and DDoS defense techniques,” Int. Conf. Adv. Data Min. Appl., no. Mic, pp. 1025–1036, 2006.
  • Heller, “OpenFlow Switch Specification 1.3.0,” Open Netw. Found., vol. 3, pp. 1–36, 2012.
  • Suresh and R. Anitha, “Evaluating Machine Learning Algorithms for Detecting DDoS Attacks BT," Advances in Network Security and Applications”, pp. 441–452, 2011.
  • Meti, D. G. Narayan, and V. P. Baligar, “Detection of distributed denial of service attacks using machine learning algorithms in software defined networks,” 2017 Int. Conf. Adv. Comput. Commun. Informatics, ICACCI 2017, vol. 2017-January, pp. 1366–1371, 2017.
  • Braga, E. Mota, and A. Passito, “Lightweight DDoS Flooding Attack Detection Using NOX / OpenFlow Network-Based Mechanisms Using SDN Network-Based Mechanisms Using SDN,” pp. 408–415, 2018.
  • Wang, Y. Lu, and J. Qin, “A dynamic MLP-based DDoS attack detection method using feature selection and feedback,” Comput. Secur., vol. 88, p. 101645, 2020.
  • U. Rasool, U. Ashraf, K. Ahmed, H. Wang, W. Rafique, and Z. Anwar, “Cyberpulse: A Machine Learning Based Link Flooding Attack Mitigation System for Software Defined Networks,” IEEE Access, vol. 7, pp. 34885–34899, 2019.
  • Haider, A. Akhunzada, I. Mustafa, TB. Patel, A. Fernandez, K-KR . Choo, J. Iqbal, “A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks,” IEEE Access, vol. 8, pp. 53972–53983, 2020.
  • Polat, O. Polat, and A. Cetin, “Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models,” Sustainability, vol. 12, no. 3, 2020.
  • X. Liu, “l An Advanced Entropy-Based DDOS Detection Scheme Jie Zhang, Zheng Qin, Lu Ou, Pei Jiang , JianRong Liu,” Analysis, pp. 67–71, 2010.
  • Oshima, T. Nakashima, and T. Sueyoshi, “Early DoS/DDoS detection method using short-term statistics,” CISIS 2010 - 4th Int. Conf. Complex, Intell. Softw. Intensive Syst., pp. 168–173, 2010M.
  • No and I. Ra, “An Efficient and Reliable DDoS Attack Detection Using a Fast Entropy Computation Method,” pp. 1223–1228, 2009.
  • Kia, "Early detection and mitigation of DDoS attacks in software defined networks." M. Sc. Thesis, 2015.‏
  • M. Mousavi and M. St-hilaire, “Early Detection of DDoS Attacks Against Software,” J. Netw. Syst. Manag., vol. 26, no. 3, pp. 573–591, 2018.
  • Kaur, K. Kumar, N. Aggarwal , and G. Singh, “A comprehensive survey of DDoS defense solutions in SDN: Taxonomy, research challenges, and future directions”. Computers & Security, 110, 102423, 2021‏.
  • Bhayo, R. Jafaq, A. Ahmed, S. Hameed, and S. A. Shah, “A time-efficient approach toward DDoS attack detection in IoT network using SDN”. IEEE Internet of Things Journal, 9(5), 3612-3630, 2021.‏
  • Shakil, , A. Fuad Yousif Mohammed, , R. Arul, A. K. Bashir, and J. K. Choi, “A novel dynamic framework to detect DDoS in SDN using metaheuristic clustering”, Transactions on Emerging Telecommunications Technologies, 33(3), e3622., 2022‏.
  • Taghinezhad-Niar , S. Pashazadeh, and J. Taheri, “QoS-aware online scheduling of multiple workflows under task execution time uncertainty in clouds”. Cluster Computing, 8. 2022
  • Taghinezhad-Niar , S. Pashazadeh, and J. Taheri, “Energy-efficient workflow scheduling with budget-deadline constraints for cloud”. Computing, 2022.
  • Rao, S. Auti, A. Koul, and G. Sabnis, “High Availability and Load Balancing in SDN Controllers,” Int. J. Trend Res. Dev., vol. 3, no. 2, pp. 2394–9333, 2016.
  • “Mininet Walkthrough - Mininet.” [Online]. Available: http://mininet.org/walkthrough/. [Accessed: 24-Jan-2019].
  • “Available Tutorials for Floodlight,” [Online]. Available: https://floodlight.atlassian.net/wiki/spaces/floodlightcontroller/pages/1343514/Tutorials. [Accessed: 24-Jan-2019].
  • “Welcome to Scapy’s documentation! — Scapy 2.4.0-dev documentation.” [Online]. Available: https://scapy.readthedocs.io/en/latest/. [Accessed: 24-Jan-2019].
  •  Parisa Valizadeh received her B.Sc. and M.Sc. degrees in Computer Engineering from the University of Tabriz, Tabriz, Iran in 2016 and 2019, respectively. Her research interests include Software Defined Networks, Smart Grid, and the Internet of Things. She is now a Ph.D. candidate at the Ferdowsi University of Mashhad, Mashhad, Iran.
  • Ahmad Taghinezhad-Niar received his M.Sc. and Ph.D. degrees in Computer Engineering from the University of Tabriz, Tabriz, Iran in 2017 and 2021, respectively. He won awards in different programming competitions in Iran. He has served as a reviewer for several journals and his research interests include Distributed Systems, Cloud Computing, Scheduling algorithms, and Formal methods. He is currently a lecturer at the University of Mohaghegh Ardabili (Iran).