SYN Flooding Attack Detection and Mitigation in SDN
Abstract— Software-defined networking separates the network architecture into a logical control layer and a data forwarding layer with the aim of providing high flexibility, agility, and security. Although it manages the whole network from the controller with the ease of programmability, many security issues still exist in the SDN architecture. An attacker can target the various layers of SDN with a DDoS attack. Defining the threshold used in detecting and mitigating the attack is one of the most important issues. Existing research emphasizes the detection of DDoS attacks with various mechanisms in SDN infrastructure. This paper provides a simple mechanism for both detection and mitigation of a common type of DDoS attack, the SYN flooding attack, via an sFlow analyzer with a dynamic threshold calculated using an adaptive threshold algorithm. It uses self-generated network traffic consisting of both normal and attack traffic and shows how the calculated dynamic threshold adapts to the incoming traffic. It also evaluates the performance of the detection and mitigation mechanism by detection rate, false alarm rate, false negative rate, and accuracy in order to prove that our proposed system can detect a DDoS attack in a timely manner and reasonably mitigate it.
Index Terms— adaptive threshold, DDoS, detection and mitigation, SDN, sFlow.
Nan Haymarn Oo
University of Computer Studies, MYANMAR
Aung Htein Maw
University of Information Technology, MYANMAR
Cite: Nan Haymarn Oo, Aung Htein Maw, "SYN Flooding Attack Detection and Mitigation in SDN," Proceedings of 2019 the 9th International Workshop on Computer Science and Engineering WCSE_2019_SPRING, pp. 126-131, Yangon, Myanmar, February 27-March 1, 2019.
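
The following sketch is an added example, not the authors' implementation: it shows how a dynamic threshold can follow per-interval SYN rates and how the four metrics named in the abstract are scored against labelled traffic. The EWMA update rule, the parameters ALPHA and BETA, the metric formulas (the usual confusion-matrix definitions) and the sample rates are assumptions, since the abstract does not give them.

```python
# Added illustration, not the paper's implementation. The EWMA update rule,
# ALPHA, BETA, the starting baseline and all sample data are assumptions.
ALPHA = 0.5  # alarm when the rate exceeds (1 + ALPHA) * running mean
BETA = 0.9   # weight kept on the previous mean in the EWMA update


def detect(rates, initial_mean, alpha=ALPHA, beta=BETA):
    """Return (alarms, thresholds), one entry per polling interval."""
    mean = float(initial_mean)
    alarms, thresholds = [], []
    for rate in rates:
        threshold = (1 + alpha) * mean
        alarm = rate > threshold
        alarms.append(alarm)
        thresholds.append(threshold)
        if not alarm:
            # Only non-alarm intervals update the baseline, so a flood
            # cannot pull the threshold up behind it.
            mean = beta * mean + (1 - beta) * rate
    return alarms, thresholds


def metrics(alarms, labels):
    """Score alarms against ground truth (True = attack interval)."""
    pairs = list(zip(alarms, labels))
    tp = sum(a and y for a, y in pairs)
    fp = sum(a and not y for a, y in pairs)
    fn = sum(y and not a for a, y in pairs)
    tn = sum(not a and not y for a, y in pairs)
    return {
        "detection_rate": tp / (tp + fn) if tp + fn else 0.0,
        "false_alarm_rate": fp / (fp + tn) if fp + tn else 0.0,
        "false_negative_rate": fn / (tp + fn) if tp + fn else 0.0,
        "accuracy": (tp + tn) / len(pairs) if pairs else 0.0,
    }


# Constructed SYN packets/second per interval, as a flow analyzer might report.
SAMPLE_RATES = [100, 110, 105, 120, 160, 900, 950, 880, 130, 115, 150, 400]
# Constructed ground truth: intervals 5-7, 10 and 11 carry attack traffic.
SAMPLE_LABELS = [False] * 5 + [True] * 3 + [False] * 2 + [True] * 2

if __name__ == "__main__":
    alarms, thresholds = detect(SAMPLE_RATES, initial_mean=100)
    for rate, thr, alarm in zip(SAMPLE_RATES, thresholds, alarms):
        print(f"rate={rate:4d} threshold={thr:7.2f} alarm={alarm}")
    print(metrics(alarms, SAMPLE_LABELS))
```

On the constructed data, the benign burst at interval 4 raises a false alarm and the low-rate attack interval at index 10 slips under the threshold, which is the trade-off the false alarm and false negative rates measure.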