SlideShare a Scribd company logo
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3091
Denial of Service Attacks in Software Defined Networking - A Survey
Sreejesh N. G.1, Sabina M. A.2
1P G Scholar, Department of Computer Science and Engineering,
Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India
2Assistant Professor, Department of Computer Science and Engineering,
Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - The word Software Defined Networks (SDN)
came into limelight only a few years ago. Butithasbecomethe
backbone for various popular network technologies such as
data centers, cloudstorage, mobilecommunication, Internetof
Things and even in small business environments, thankstothe
flexibility, programmability, scalability and centralized
coordination that brings to the entire network. Even though
the introduction of SDN brought easiness in network
management, it is susceptible to all the attacks that may
happen in the traditional network. One suchcommonattackis
saturation attack, means saturating the network resources
using malformed packets. In happens in two forms; Denial of
Service attacks and Distributed Denial of Service attacks.
Many proposals have been brought since the evolution of SDN
to detect and mitigate these attacks. This survey brings an
overview of some of such proposals, their effectiveness and
possible comparisons.
Key Words: Software Defined Networking, saturation
attacks, DoS, DDoS, IoT, control plane, data plane,OpenFlow,
northbound and southbound interfaces.
1. INTRODUCTION
The evolution of network has gone through different phases
before reaching the fully connected world. The traditional
networking scenario uses routers as the backbone of the
network paradigm. Apart from it, gateways and switches
make their specific roles wisely. Transfer a packet of data
from a source to destination needs proper end to end
connectivity and through this connection,physical orlogical,
packets are travelled. Thistransfer needsproper routing and
forwarding. The traditional network does this task in a
fantastic manner with the help of different protocols and
addressing schemes. The problem arises when some
functionalities of the intermediate network need to be
changed. This brings a tedious thing because; most of the
functionalities are fixed into the network devices. Changing
the functionality require changing the whole or part of the
network devices. This causes headache both practically and
economically. Here comes the role of Software Defined
Networking (SDN).
A network device can have a data plane to forward the
incoming packets, a control plane to manage and control the
internal processing of the device,such ascreatingtherouting
table, executing specific algorithms etc, and an application
plane to access the device either for monitoring the device,
managing the control plane by the administrators or
executing business specific applications. In the traditional
network components such as routers and switches, the
control plane and the data plane are in a combined form. If
the network does not need any change, this form is good
method. But as the network technology advances more
functionality and changes need to be incorporated.Hencethe
control plane must be separated from the data plane, as it is
the control plane which needs reformation every time.
2. BACKGROUND
The SDN technology separates the control plane from the
data plane [1][10][14]. The data plane devices are simply
forwarding devices. The control plane is mostly a powerful
system to whichthedataplanedevicesareconnecteddirectly
or indirectly. This system is called the SDN controller. The
control plane functionalities are programmed into the SDN
controller. This is why the SDN is aid to be a programmable
network. One major duty of the controller is to instruct the
forwarding device what to do with the incoming packets.
Since the most common action is forwardingthepackets,this
device can be considered as a special type of switch. The
application plane (otherwise called management plane)
mostly lies on the controller itself, or it may be in a system
directlyaccessibletothecontroller.Theapplicationsareused
to monitorthe network and its various parameters, business
specific functionalitiesoras administrativeaccesspathtothe
controller. The architecture of SDN is shown in Fig. 1 [14].
The interface between the data plane and the control
plane is called the southbound interface. The forwarding
devices communicate with the controller through this
interface. The packets that flow through this interface are
generally packet-in messages, packet-out messagesandflow
modification messages. The interaction need to follow some
protocols for effective communication. The protocol used in
the southbound interface is the OpenFlow protocol [2][3].
The OpenFlowfollowsaneventbasedwayofcommunication.
The switches that follow the OpenFlow protocol are called
OpenFlow Switches, which forms the data plane of the SDN
architecture.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3092
The interface between the control plane and the
application plane is called the northbound interface. The
protocol in this interface varies with the APIs used in the
interface, and hence there is no specific protocol in this
interface.
Fig -1: SDN Architecture
The features that highlights the SDN from traditional
network comprises of its ability to program the network
without changing any of the forwarding device. Any policies
or functionalities that need to be added or changed can be
done in the controller through programs, which will take
effect in the whole network. This will save huge effort in
changing the network infrastructure to implement the
change. Another feature is the fine grained access control
bases on the policies assigned by the SDN controller. This is
highly useful in IoT based environments as they do not have
in-built access control mechanisms in their light weight
devices [11][12].
2.1 Working of SDN
The core component in the OpenFlow switch is the flow
table. It is a huge table containing two major fields; match
field and corresponding action field. The match table can
contain parameter that can be checked with the incoming
packets. If any match occurs, the corresponding action is
taken. Some common actions are; forwarding the packet to a
specified port, drop the packet, etc. The flows will have
priorities so that the matches with higher priorities are
checked first. If no match is there, it is called a table-miss.
Then the default action is taken, which is to forward the
packet to the controller, encapsulating it in a message called
packet-in message. On getting he packet-in message, the
controller unwraps it and decides what is to be done with
that packet. The packet is then sentbacktotheswitchputting
it into a packet-out message, along with an action for this
packet. The controller may then send a flow rule to that
switch specifying thematchandactionforthesimilarpackets
that may come in the future so that when the packet comes
later to the switch, it will create a table-hit and the packet
need not be sent to the controller, saving the bandwidth in
between.
The SDN controller runs code for handling the packet-in
messages and other event-messages. Examples of such
controller code/softwares are RYU [4], POX [5], NOX [6],
Floodlight [7] etc. Most of the controller softwares are open
in natureso that developers are free to modify it or addmore
functionalities as desired.
2.2 Attacks in SDN
The major feature and at the same time the most
prominent vulnerability of the SDN is its centralized control.
This weakness is used by the attackers to act upon the
controller to perish the entire network. Most attacks in
traditional network is applicable to SDN too [8][9][10].
Saturation attack is the major SDN aimed attack. Here the
major areas of SDN aimed attacks are the switch, the link
between the controller and the switch, and the controller
itself. Exhausting the resources in all the three will result in
denial of services to the hosts connected to the network.
Hence it is a type of Denial of Service (DoS) attack. It is
possible for attackers to create a botnet by including more
zombie systems into the attack scenario and hence this can
lead to Distributed DoS (DDoS) attack.
In a (D)DoS attack, the attacker creates spoofed packets
and flood them into the switch. These will be queued up at
the switch causing a lot of table miss and thereby lot of
packet-in message to the controller. Hence, the switch
resources will get exhausted and the link between theswitch
and the controller filled withuselesspacket-inmessages.The
controller on the other hand will unwrap each of this, try to
find action for it which will go in vain. It will tell the switch to
flood these packets and create useless entries in the flow
table. Thus the controller CPU time and memory also get
wasted. The packets who suffer are the benignpacketswhich
cannot reach the switch or the controller and the service for
its user is denied.
3. ATTACK DETECTION AND MITIGATION
As DoS attacks can happen in any networks, so is in SDN.
Here the difference is that the attacks can be host-aimed or
SDN-aimed. The host-aimed attacks are possible in all
networks in dependent of whether it is legacy [14] or SDN
based [8][9][10].
TCP connections are heavier than other connection less
protocols as there are different handshakes and table
managements as faras a normal hostisconsidered.MostTCP
attacks use SYN flags to exhaust the TCP connection tables of
the target. To solve this type of attack, the controller can act
as a proxy by managing a table of active TCP states as seen in
Avant-Guard [16]. Thus the flows can be classified into those
which complete the handshake and those which do not.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3093
Based on this, it can create flow rules to manage the flows
which do not complete the TCP handshakes.
Apart from TCP, other protocols can also create attacks
especially UDP and ICMP. All the attacks will cause a disaster
to the networks and need to be detected with the combined
action of the switch and the controller. NEOD describes this
scenario and a remedy [17]. But this must not increase the
CPU load of the controller and the switch.
Sometimes the networkoperatingsystem(NOS)itselfcan
be created with primary focus to prevent attacks that may
happen to the controller by compartmentalizingthenetwork
applications so that the services would work in side
sandboxes and does not cause much problems to the
network. Rosemary [18] is designed with such a view. Hence
it is possible to say that the OS is application-centric rather
than flow-centric.
One of the common methodsistofirstdetectthepresence
of any attack and mitigate it by meansofdifferentalgorithms.
This detection and mitigation strategy is used by many
researchers in their own methods such as FloodGuard [19],
SGuard [20], Flokeeper [22], SDNGuard [24] and
FloodDefender [25] . Whenever an attack starts,theswitches
will be getting overwhelmed.Toovercomesuchsituation,the
general ideas are either to divert the packets to somewhere
else, say neighbor switches [25] without losing the inport
information, or to store thepacketstemporarilyinacachefor
later processing [19][20][24]. But using the additional cache
for packet storage is practically very difficult. Also it needs
extra cost to add the additional hardware cache. Classifying
the packets into benign and illegal is another tedious thing.
Different classifiers are used for this such as SVM [25], Self
Organizing Maps [20], etc. In small networks, this will not
take much time, but when the network grow bigger in size,
the real timeclassification must not take much timeasitmay
cause severe packet transfer delay. Another method of
finding the attack is the anomaly detection in the network
[23]. Maddu et. al. uses a probabilistic model for such
classification [24].
When the number of spoofed packets increases atswitch,
this will increase the number of packet-in messages to the
controller. Thus the switch-controller link willgetbusierand
this this maylead tolink saturation. Hence by monitoringthe
link bandwidth, it is possible to detect the presence of
flooding at the switch and there by predict the attack [21].
The prediction will not be crisp asthenetworkbehaviourcan
be changed atany time. Thus onlya fuzzy model is feasible in
predicting the future bandwidth utilization and thereby the
chance of attack.
Most of the alleviation methods are focused on the
controller. Recently experiments are being happened to
provide some sort of intelligence to the openflow switches
too, so that theycan do more than just forwarding the packet
based on the flow table. Such an initiation is the Data Plane
Development Kit (DPDK) that consistsoflibrariesinstalledin
the switch to accelerate packet processing and for efficient
computing. Based on the DPDK the attack detection can be
made faster by processing each packet in a very speedy way.
Newer methods such as DPDK based DDoS Detection
frameworks [26] are based on such packet processing. With
this the attack detection happens at the data plane itself and
mitigation at the control plane.
One of the difficult attacks to mitigate is the Low Rate
attack, which occurs as spikes at random interval of time. To
identify such attacks different methods need to be combined
and collaborated. Tang et. al. has introduced a model for
classification basedonperformanceandfeaturesofthetraffic
[27]. It combines both machine learning and flow frequency
analysis.
A comparison of some of the previous proposals are
shown in table 1.
Table -1: Comparison of Different Methods
Proposal Protocols
Additional
Hardware
Controller
AvantGuard [16] TCP No POX
FloodGuard [19] All Yes POX
SGuard [20] All Yes NOX
BWManager [21] All No Floodlight
DAISY [23] All No RYU
SDNGuard [24] All Yes POX
FloodDefender
[25]
All No RYU
3.1 Security Issues in SDN IoT
The SDN can be introduced as the backbone of the IoT
network, so that the controller will get an entire view on the
whole IoT topology [28][29]. The sensor data packets can be
inspected by the controller and knowthecompleteattributes
of the packets. This enables the controller to manage the IoT
network in a finer level.
IoT architecture also is not escaped from DoS attacks.
With spoofed flood and junk value packets, the sink devices
may get overwhelmed and the valuable sensor packets
cannot reach the sink, causing DoS situation. As SDN can
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3094
handle the devices and packet flow in a granular way,
different proposals have been introduced by implementing
SDN into IoT environment. Some are just to finetunethedata
flow and some lightly approaches the security aspects also.
Common attacks that may happen to an IoT network include
malwareinjection,DDoSattacks,spoofing/masqueradingand
man-in-the-middle attack [12]. As in data centersandclouds,
DoS and DDoS attacks in the IoT environment may lead to
failure of collecting sensor data and there by hindering the
intended services to be run at the proper time. The attacks
may happen from insideor outside the IoT network.Thiscan
be controlled by limiting the access to authenticated devices
only and controlling the access of network services in a pre-
defined manner. This is possible using SDN.
Z. Qin et. al. [31] proposed MINA which uses the
programmability and flow control feature of the SDN. It
focuses on Network Services and scheduling flows. The
networkservicesareprovidedasprogrammablefeaturesand
SDN's inherent flow table mechanism is used for scheduling
flows. This resists the illegal flows in the network and
thereby reducing the chance of DoS attacks. But, there is no
mentioning about which devices has to access the network
and which services are allowed for them. IoTPot and IoTBox
[30] are some sort of honey pot and sand boxing methods to
trap the attacker and there by stopping it from generating a
DoS attack. An entropybasedmethodin[32]findsanomalyin
the packet flow by constantly monitoring the data flow and
thereby detects and mitigates the illegal packets. On larger
IoT networks of heterogeneous devices, clusters of devices
can be formed, which are managed by one SDN controller for
each cluster and all the clustercontrollerscanbecoordinated
by a master controller [33]. Here the cluster controllers will
classify theabnormal flows using anomalydetectionthrough
Support Vector Machine (SVM) and will report to the master
controller. The master will decide the actions/flow rules to
manage and control the flows in the network. Krishnan P et.
al. [34] proposed a loosely coupled integration scheme and
tightly coupled integration scheme. In the former, the
controller apps take care of the attacks whereas the latter
does the detection through the switch and its security
controller.
3.2 Implementation of Proposals
To implement and test the proposals, setting up a hardware
environment is very costly. Hence the researchers use an
emulator tool called “Mininet” [35][36][37] for creating the
wired and wireless setup. It is highly scalable and powerful
so that it can create virtual hosts and Open Virtual Switches.
The hosts are provided with terminals to access its
functionality and the switches are as powerful as the real
ones. With specific tools such as Scapy [38][39][40] and
hping [41], benign and spoofed traffic can be created inside
the network. Performance of the systems suchasbandwidth
and throughput can be measured using iperf [42] like
utilities. The controller can be from a list of choices such as
RYU, POX, NOX, Floodlight etc.
4. CONCLUSIONS
This paper provides a brief overview of DoS attacks in SDN
and some mitigation measures proposed for various
contexts such as data warehouses and IoT environments. As
the controller is the key element in SDN, any attempt which
causes hindrance to the controller or the link to the
controller will decrease the functionality of the network,
sometimes destroying the entire communication. It can be
seen that the measures against DoS attacks are well suited
for DDoS attacks too. The measures reveal that the attack
mitigation is possible through speculative and efficient
management of resources and prompt and accurate
classification of illegal packets from benign ones.
Furthermore, this paper brings the methodology used inthe
preventive measures, the features they used and the
limitations they bear. Each new method tries to overcome
the gap found in the previous ones. Overall, a researcher can
use this summary to well prepare for finding new methods
to detect and mitigate DoS and DDoS attacks in more
effective ways.
REFERENCES
[1] Kirkpatrick, Keith. “Software-defined networking.”
Communications of the ACM 56.9 (2013): 16-19. M.
Young, The Technical Writer’s Handbook. Mill Valley,
CA: University Science, 1989.
[2] N. McKeown et al., “OpenFlow: Enabling innovation in
campus net-works,” ACM SIG-COMM Comput. Commun.
Rev., vol. 38, no. 2,pp.69–74, Mar. 2008.
[3] OpenFlow Switch Specification [online]
https://opennetworking.org/wpcontent/uploads/2014
/10/openflow-switch-v1.3.5.pdf
[4] RYU SDN Framework [online] https://ryu-sdn.org/
[5] Kaur, Sukhveer, Japinder Singh, and Navtej Singh
Ghumman. “Network programmability using POX
controller.” ICCCS International conference on
communication, computing & systems, IEEE. Vol. 138.
sn, 2014.
[6] Gude, Natasha, et al. “NOX: towards an operatingsystem
for networks.”ACMSIGCOMMcomputercommunication
review 38.3 (2008): 105-110.
[7] Floodlight Controller [online]
https://floodlight.atlassian.net/wiki/spaces/floodlightc
ontroller/overview
[8] Chica, Juan Camilo Correa, Jenny Cuatindioy Imbachi,
and Juan Felipe Botero Vega. “Security in SDN: A
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3095
comprehensive survey.” Journal of Network and
Computer Applications 159 (2020): 102595.
[9] Ahmad, Ijaz, et al. “Security in software defined
networks: A survey.” IEEE Communications Surveys &
Tutorials 17.4 (2015): 2317-2346.
[10] Benzekki, Kamal, Abdeslam El Fergougui,andAbdelbaki
ElbelrhitiElalaoui.“Software-defined networking(SDN):
a survey.” Security and communication networks 9.18
(2016): 5803-5833.
[11] Flauzac, Olivier, et al. “SDN based architecture for IoT
and improvement of the security.” 2015 IEEE 29th
international conference on advanced information
networking and applications workshops. IEEE, 2015.
[12] Karmakar, Kallol Krishna, et al.“SDN-enabledsecureIoT
architecture.” IEEE Internet of Things Journal 8.8
(2020): 6549-6564.
[13] Das¸, Resul, Abubakar Karabade, and Gurkan Tuna.
“Common network attack types and defense
mechanisms.” 2015 23nd signal processing and
communications applications conference (siu). IEEE,
2015.
[14] Kreutz, Diego, et al. “Software-defined networking: A
comprehensive survey.” Proceedings of the IEEE 103.1
(2014): 14-76.
[15] Abdullaziz, Osamah Ibrahiem, Li-Chun Wang,and Yu-Jia
Chen. “HiAuth: Hidden authentication for protecting
software defined networks.” IEEE Transactions on
Network and Service Management 16.2 (2019): 618-
631.
[16] S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-
GUARD: Scalable and vigilant switch flow management
in software-defined networks,” in Proc. ACM SIGSAC
Conf. Comput. Commun. Secur. (CCS), 2013, pp. 413–
424.
[17] S. Song, S. Hong, X. Guan, B.-Y. Choi, and C. Choi, “NEOD:
Network embedded on-line disaster management
framework for software defined networking,” in Proc.
IFIP/IEEE Int. Symp. Integr. Netw. Manage. (IM), May
2013, pp. 492–498.
[18] Shin, Seungwon, Yongjoo Song, Taekyung Lee, Sangho
Lee, Jaewoong Chung, Phillip Porras, Vinod
Yegneswaran, Jiseong Noh, and Brent Byunghoon Kang.
“Rosemary: A robust, secure, and high-performance
network operating system.” In Proceedings of the 2014
ACM SIGSAC conference on computer and
communications security, pp. 78-89. 2014.
[19] H. Wang, L. Xu, and G. Gu, “FloodGuard: A DoS attack
prevention extension in software-defined networks,” in
Proc. 45th Annu. IEEE/IFIP Int. Conf. Dependable Syst.
Netw., Jun. 2015, pp. 239–250.
[20] Wang, Tao, and HongchangChen.“SGuard:Alightweight
SDN safeguard architecture for DoS attacks.” China
Communications 14, no. 6 (2017): 113-125.
[21] Wang, Tao, Zehua Guo, Hongchang Chen, and Wei Liu.
“BWManager: Mitigating denial of service attacks in
software-defined networks through bandwidth
prediction.” IEEE Transactions on Network and Service
Management 15, no. 4 (2018): 1235-1248.
[22] S. Gao, Z. Li, B. Xiao, and G. Wei, “Security threats in the
data plane of software-defined networks,” IEEE Netw.,
vol. 32, no. 4, pp. 108–113, Jul. 2018.
[23] Imran, Muhammad, Muhammad Hanif Durad, Farrukh
Aslam Khan, and Haider Abbas. “DAISY: A detection and
mitigation system against denial-of-service attacks in
software-defined networks.” IEEE Systems Journal 14,
no. 2 (2019): 1933-1944.
[24] Maddu, Jeevan Surya, Somanath Tripathy, and Sanjeet
Kumar Nayak. “SDNGuard: An Extension in Software
Defined Network to Defend DoS Attack.” In 2019 IEEE
Region 10 Symposium (TENSYMP), pp. 44-49. IEEE,
2019.
[25] Gao, Shang, Zhe Peng, Bin Xiao, Aiqun Hu, Yubo Song,
and Kui Ren. “Detection and Mitigation of DoSAttacksin
Software Defined Networks.” IEEE/ACM Transactions
on Networking 28, no. 3 (2020): 1419-1433.
[26] Varghese, Josy Elsa, and Balachandra Muniyal. “An
Efficient IDS Framework for DDoS Attacks in SDN
Environment.” IEEE Access 9 (2021): 69680-69699.
[27] Tang, Dan, et al. “Performance and Features: Mitigating
the Low-Rate TCP-Targeted DoS Attack via SDN.” IEEE
Journal on Selected Areas in Communications 40.1
(2021): 428-444.
[28] Tayyaba, Sahrish Khan, et al. “Software definednetwork
(sdn) based internet of things (iot) a road ahead.”
Proceedings of the international conference on future
networks and distributed systems. 2017.
[29] Flauzac, Olivier, et al. “SDN based architecture for IoT
and improvement of the security.” 2015 IEEE 29th
international conference on advanced information
networking and applications workshops. IEEE, 2015.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
© 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3096
[30] Pa, Yin Minn Pa, et al. “IoTPOT: Analysing the Rise of IoT
Compromises.” 9th USENIX Workshop on Offensive
Technologies (WOOT 15). 2015.
[31] Qin, Zhijing, et al. “A software defined networking
architecture for the internet-of-things.” 2014 IEEE
network operations and management symposium
(NOMS). IEEE, 2014.
[32] Galeano-Brajones, Jesus, et al. “Detection andmitigation
of dos and ddos attacks in iot-based stateful sdn: An
experimental approach.” Sensors 20.3 (2020): 816.
[33] Bhunia, Suman Sankar, andMohanGurusamy.“Dynamic
attack detection and mitigation in IoT using SDN.” 2017
27th International telecommunication networks and
applications conference (ITNAC). IEEE, 2017.
[34] Krishnan, Prabhakar, Jisha S. Najeem, and Krishnashree
Achuthan. “SDN framework for securing IoT networks.”
International Conference on Ubiquitous
Communications and Network Computing. Springer,
Cham, 2017.
[35] Mininet Walkthrough [online]
http://mininet.org/walkthrough/
[36] De Oliveira, Rogerio Leao Santos, et al. “Using mininet
for emulation and prototyping software-defined
networks.” 2014 IEEE Colombian conference on
communications and computing (COLCOM). Ieee, 2014.
[37] Fontes, Ramon R., et al. “Mininet-WiFi: Emulating
software-defined wireless networks.” 2015 11th
International Conference on Network and Service
Management (CNSM). IEEE, 2015.
[38] Rohith, R., Minal Moharir, and G. Shobha. “SCAPY-A
powerful interactive packet manipulation program.”
2018 international conference on networking,
embedded and wireless systems (ICNEWS). IEEE, 2018.
[39] Biondi, Philippe. “Scapy: explore the net withnew eyes.”
Technical report, Technical report, EADS Corporate
Research Center (2005).
[40] Scapy [online] https://scapy.net/
[41] hping3 [online] https://linux.die.net/man/8/hping3
[42] iperf [online] https://iperf.fr/iperf-doc.php
BIOGRAPHIES
Sreejesh N. G. is a P. G. Scholar of
Computer ScienceandEngineering
at Rajiv Gandhi Institute of
Technology, Kottayam, Kerala,
India. He has completed his B.Tech
in Computer Science and
Engineering. His areas of interest
include Computer Networks, SDN
and Network Security.
Sabina M. A. is an Assistant
Professor in the Department of
Computer ScienceandEngineering
at Rajiv Gandhi Institute of
Technology, Kottayam, Kerala,
India. She has completed her
M.Tech in Computer Science and
Engineering. She has more than 5
years of experience as Lecturer
and her areas of interest include
Computer Networks and Machine
Learning.

More Related Content

Similar to Denial of Service Attacks in Software Defined Networking - A Survey (20)

Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based ArchitecturesController Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
IJCNCJournal
 
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based ArchitecturesController Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
IJCNCJournal
 
TERM PAPER
TERM PAPERTERM PAPER
TERM PAPER
Madhav Sharma
 
IRJET- Build SDN with Openflow Controller
IRJET-  	  Build SDN with Openflow ControllerIRJET-  	  Build SDN with Openflow Controller
IRJET- Build SDN with Openflow Controller
IRJET Journal
 
A review on software defined network security risks and challenges
A review on software defined network security risks and challengesA review on software defined network security risks and challenges
A review on software defined network security risks and challenges
TELKOMNIKA JOURNAL
 
Telco Cloud 03 - Introduction to SDN
Telco Cloud 03 - Introduction to SDNTelco Cloud 03 - Introduction to SDN
Telco Cloud 03 - Introduction to SDN
Vikas Shokeen
 
SDN and Mininet: Some Basic Concepts
SDN and Mininet: Some Basic ConceptsSDN and Mininet: Some Basic Concepts
SDN and Mininet: Some Basic Concepts
Eswar Publications
 
Performance Analysis of Wireless Trusted Software Defined Networks
Performance Analysis of Wireless Trusted Software Defined NetworksPerformance Analysis of Wireless Trusted Software Defined Networks
Performance Analysis of Wireless Trusted Software Defined Networks
IRJET Journal
 
Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
Crypto Mark Scheme for Fast Pollution Detection and Resistance over NetworkingCrypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
IRJET Journal
 
Provide a diagram and description of the flow table entries that can.pdf
Provide a diagram and description of the flow table entries that can.pdfProvide a diagram and description of the flow table entries that can.pdf
Provide a diagram and description of the flow table entries that can.pdf
arihantelehyb
 
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdfTheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
Fernando Velez Varela
 
Software Defined Networking: A Concept and Related Issues
Software Defined Networking: A Concept and Related IssuesSoftware Defined Networking: A Concept and Related Issues
Software Defined Networking: A Concept and Related Issues
Eswar Publications
 
Software Defined Networking Attacks and Countermeasures .docx
Software Defined Networking Attacks and Countermeasures .docxSoftware Defined Networking Attacks and Countermeasures .docx
Software Defined Networking Attacks and Countermeasures .docx
rosemariebrayshaw
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET Journal
 
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptxveryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
awelewa1
 
Software Defined Networking – Virtualization of Traffic Engineering
Software Defined Networking – Virtualization of Traffic EngineeringSoftware Defined Networking – Virtualization of Traffic Engineering
Software Defined Networking – Virtualization of Traffic Engineering
QuEST Global (erstwhile NeST Software)
 
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
IJNSA Journal
 
Final_Report
Final_ReportFinal_Report
Final_Report
Tlhologelo Mphahlele
 
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
Fernando Velez Varela
 
Software Defined Network Based Internet on thing Eco System for Shopfloor
Software Defined Network Based Internet on thing Eco System for ShopfloorSoftware Defined Network Based Internet on thing Eco System for Shopfloor
Software Defined Network Based Internet on thing Eco System for Shopfloor
IRJET Journal
 
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based ArchitecturesController Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
IJCNCJournal
 
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based ArchitecturesController Placement Problem Resiliency Evaluation in SDN-based Architectures
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
IJCNCJournal
 
IRJET- Build SDN with Openflow Controller
IRJET-  	  Build SDN with Openflow ControllerIRJET-  	  Build SDN with Openflow Controller
IRJET- Build SDN with Openflow Controller
IRJET Journal
 
A review on software defined network security risks and challenges
A review on software defined network security risks and challengesA review on software defined network security risks and challenges
A review on software defined network security risks and challenges
TELKOMNIKA JOURNAL
 
Telco Cloud 03 - Introduction to SDN
Telco Cloud 03 - Introduction to SDNTelco Cloud 03 - Introduction to SDN
Telco Cloud 03 - Introduction to SDN
Vikas Shokeen
 
SDN and Mininet: Some Basic Concepts
SDN and Mininet: Some Basic ConceptsSDN and Mininet: Some Basic Concepts
SDN and Mininet: Some Basic Concepts
Eswar Publications
 
Performance Analysis of Wireless Trusted Software Defined Networks
Performance Analysis of Wireless Trusted Software Defined NetworksPerformance Analysis of Wireless Trusted Software Defined Networks
Performance Analysis of Wireless Trusted Software Defined Networks
IRJET Journal
 
Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
Crypto Mark Scheme for Fast Pollution Detection and Resistance over NetworkingCrypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking
IRJET Journal
 
Provide a diagram and description of the flow table entries that can.pdf
Provide a diagram and description of the flow table entries that can.pdfProvide a diagram and description of the flow table entries that can.pdf
Provide a diagram and description of the flow table entries that can.pdf
arihantelehyb
 
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdfTheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
TheimplementationofSoftwareDefinedNetworkinginenterprisenetworks.pdf
Fernando Velez Varela
 
Software Defined Networking: A Concept and Related Issues
Software Defined Networking: A Concept and Related IssuesSoftware Defined Networking: A Concept and Related Issues
Software Defined Networking: A Concept and Related Issues
Eswar Publications
 
Software Defined Networking Attacks and Countermeasures .docx
Software Defined Networking Attacks and Countermeasures .docxSoftware Defined Networking Attacks and Countermeasures .docx
Software Defined Networking Attacks and Countermeasures .docx
rosemariebrayshaw
 
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...
IRJET Journal
 
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptxveryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
veryOLONADE MAHMpppUD PRESENTATIONrrr.pptx
awelewa1
 
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
OPTIMIZING CONGESTION CONTROL BY USING DEVICES AUTHENTICATION IN SOFTWARE-DEF...
IJNSA Journal
 
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
NovelFrameworkforResourceDiscoveryandSelf-ConfigurationinSoftwareDefinedWirel...
Fernando Velez Varela
 
Software Defined Network Based Internet on thing Eco System for Shopfloor
Software Defined Network Based Internet on thing Eco System for ShopfloorSoftware Defined Network Based Internet on thing Eco System for Shopfloor
Software Defined Network Based Internet on thing Eco System for Shopfloor
IRJET Journal
 

More from IRJET Journal (20)

Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning ModelEnhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
Kiona – A Smart Society Automation Project
Kiona – A Smart Society Automation ProjectKiona – A Smart Society Automation Project
Kiona – A Smart Society Automation Project
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based CrowdfundingInvest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUBSPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATIONBRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ..."Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer VisionBreast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning ModelEnhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
Enhanced heart disease prediction using SKNDGR ensemble Machine Learning Model
IRJET Journal
 
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
Utilizing Biomedical Waste for Sustainable Brick Manufacturing: A Novel Appro...
IRJET Journal
 
Kiona – A Smart Society Automation Project
Kiona – A Smart Society Automation ProjectKiona – A Smart Society Automation Project
Kiona – A Smart Society Automation Project
IRJET Journal
 
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
DESIGN AND DEVELOPMENT OF BATTERY THERMAL MANAGEMENT SYSTEM USING PHASE CHANG...
IRJET Journal
 
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based CrowdfundingInvest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
Invest in Innovation: Empowering Ideas through Blockchain Based Crowdfunding
IRJET Journal
 
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUBSPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
SPACE WATCH YOUR REAL-TIME SPACE INFORMATION HUB
IRJET Journal
 
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
A Review on Influence of Fluid Viscous Damper on The Behaviour of Multi-store...
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
Explainable AI(XAI) using LIME and Disease Detection in Mango Leaf by Transfe...
IRJET Journal
 
BRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATIONBRAIN TUMOUR DETECTION AND CLASSIFICATION
BRAIN TUMOUR DETECTION AND CLASSIFICATION
IRJET Journal
 
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
The Project Manager as an ambassador of the contract. The case of NEC4 ECC co...
IRJET Journal
 
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ..."Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
"Enhanced Heat Transfer Performance in Shell and Tube Heat Exchangers: A CFD ...
IRJET Journal
 
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
Advancements in CFD Analysis of Shell and Tube Heat Exchangers with Nanofluid...
IRJET Journal
 
Breast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer VisionBreast Cancer Detection using Computer Vision
Breast Cancer Detection using Computer Vision
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...A Novel System for Recommending Agricultural Crops Using Machine Learning App...
A Novel System for Recommending Agricultural Crops Using Machine Learning App...
IRJET Journal
 
Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.Auto-Charging E-Vehicle with its battery Management.
Auto-Charging E-Vehicle with its battery Management.
IRJET Journal
 
Analysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the HeliosphereAnalysis of high energy charge particle in the Heliosphere
Analysis of high energy charge particle in the Heliosphere
IRJET Journal
 
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
Wireless Arduino Control via Mobile: Eliminating the Need for a Dedicated Wir...
IRJET Journal
 
Ad

Recently uploaded (20)

Pruebas y Solucion de problemas empresariales en redes de Fibra Optica
Pruebas y Solucion de problemas empresariales en redes de Fibra OpticaPruebas y Solucion de problemas empresariales en redes de Fibra Optica
Pruebas y Solucion de problemas empresariales en redes de Fibra Optica
OmarAlfredoDelCastil
 
Strength of materials (Thermal stress and strain relationships)
Strength of materials (Thermal stress and strain relationships)Strength of materials (Thermal stress and strain relationships)
Strength of materials (Thermal stress and strain relationships)
pelumiadigun2006
 
Introduction of Structural Audit and Health Montoring.pptx
Introduction of Structural Audit and Health Montoring.pptxIntroduction of Structural Audit and Health Montoring.pptx
Introduction of Structural Audit and Health Montoring.pptx
gunjalsachin
 
Advanced Automation and Technology in Coal Handling Plants
Advanced Automation and Technology in Coal Handling PlantsAdvanced Automation and Technology in Coal Handling Plants
Advanced Automation and Technology in Coal Handling Plants
Infopitaara
 
Webinar On Steel Melting IIF of steel for rdso
Webinar  On Steel  Melting IIF of steel for rdsoWebinar  On Steel  Melting IIF of steel for rdso
Webinar On Steel Melting IIF of steel for rdso
KapilParyani3
 
Call For Papers - International Journal on Natural Language Computing (IJNLC)
Call For Papers - International Journal on Natural Language Computing (IJNLC)Call For Papers - International Journal on Natural Language Computing (IJNLC)
Call For Papers - International Journal on Natural Language Computing (IJNLC)
kevig
 
Artificial Power 2025 raport krajobrazowy
Artificial Power 2025 raport krajobrazowyArtificial Power 2025 raport krajobrazowy
Artificial Power 2025 raport krajobrazowy
dominikamizerska1
 
Rearchitecturing a 9-year-old legacy Laravel application.pdf
Rearchitecturing a 9-year-old legacy Laravel application.pdfRearchitecturing a 9-year-old legacy Laravel application.pdf
Rearchitecturing a 9-year-old legacy Laravel application.pdf
Takumi Amitani
 
Axial Capacity Estimation of FRP-strengthened Corroded Concrete Columns
Axial Capacity Estimation of FRP-strengthened Corroded Concrete ColumnsAxial Capacity Estimation of FRP-strengthened Corroded Concrete Columns
Axial Capacity Estimation of FRP-strengthened Corroded Concrete Columns
Journal of Soft Computing in Civil Engineering
 
Structural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptxStructural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptx
gunjalsachin
 
introduction to Digital Signature basics
introduction to Digital Signature basicsintroduction to Digital Signature basics
introduction to Digital Signature basics
DhavalPatel171802
 
Forecasting Road Accidents Using Deep Learning Approach: Policies to Improve ...
Forecasting Road Accidents Using Deep Learning Approach: Policies to Improve ...Forecasting Road Accidents Using Deep Learning Approach: Policies to Improve ...
Forecasting Road Accidents Using Deep Learning Approach: Policies to Improve ...
Journal of Soft Computing in Civil Engineering
 
cloud Lecture_2025 cloud architecture.ppt
cloud Lecture_2025 cloud architecture.pptcloud Lecture_2025 cloud architecture.ppt
cloud Lecture_2025 cloud architecture.ppt
viratkohli82222
 
Software Developer Portfolio: Backend Architecture & Performance Optimization
Software Developer Portfolio: Backend Architecture & Performance OptimizationSoftware Developer Portfolio: Backend Architecture & Performance Optimization
Software Developer Portfolio: Backend Architecture & Performance Optimization
kiwoong (daniel) kim
 
A Comprehensive Investigation into the Accuracy of Soft Computing Tools for D...
A Comprehensive Investigation into the Accuracy of Soft Computing Tools for D...A Comprehensive Investigation into the Accuracy of Soft Computing Tools for D...
A Comprehensive Investigation into the Accuracy of Soft Computing Tools for D...
Journal of Soft Computing in Civil Engineering
 
Third Review PPT that consists of the project d etails like abstract.
Third Review PPT that consists of the project d etails like abstract.Third Review PPT that consists of the project d etails like abstract.
Third Review PPT that consists of the project d etails like abstract.
Sowndarya6
 
Irja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus - Beyond Pass and Fail - DevTalks.pdfIrja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus
 
Cloud Computing storage saas iaas paas.pptx
Cloud Computing storage saas iaas paas.pptxCloud Computing storage saas iaas paas.pptx
Cloud Computing storage saas iaas paas.pptx
viratkohli82222
 
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
sebastianku31
 
Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)
elelijjournal653
 
Pruebas y Solucion de problemas empresariales en redes de Fibra Optica
Pruebas y Solucion de problemas empresariales en redes de Fibra OpticaPruebas y Solucion de problemas empresariales en redes de Fibra Optica
Pruebas y Solucion de problemas empresariales en redes de Fibra Optica
OmarAlfredoDelCastil
 
Strength of materials (Thermal stress and strain relationships)
Strength of materials (Thermal stress and strain relationships)Strength of materials (Thermal stress and strain relationships)
Strength of materials (Thermal stress and strain relationships)
pelumiadigun2006
 
Introduction of Structural Audit and Health Montoring.pptx
Introduction of Structural Audit and Health Montoring.pptxIntroduction of Structural Audit and Health Montoring.pptx
Introduction of Structural Audit and Health Montoring.pptx
gunjalsachin
 
Advanced Automation and Technology in Coal Handling Plants
Advanced Automation and Technology in Coal Handling PlantsAdvanced Automation and Technology in Coal Handling Plants
Advanced Automation and Technology in Coal Handling Plants
Infopitaara
 
Webinar On Steel Melting IIF of steel for rdso
Webinar  On Steel  Melting IIF of steel for rdsoWebinar  On Steel  Melting IIF of steel for rdso
Webinar On Steel Melting IIF of steel for rdso
KapilParyani3
 
Call For Papers - International Journal on Natural Language Computing (IJNLC)
Call For Papers - International Journal on Natural Language Computing (IJNLC)Call For Papers - International Journal on Natural Language Computing (IJNLC)
Call For Papers - International Journal on Natural Language Computing (IJNLC)
kevig
 
Artificial Power 2025 raport krajobrazowy
Artificial Power 2025 raport krajobrazowyArtificial Power 2025 raport krajobrazowy
Artificial Power 2025 raport krajobrazowy
dominikamizerska1
 
Rearchitecturing a 9-year-old legacy Laravel application.pdf
Rearchitecturing a 9-year-old legacy Laravel application.pdfRearchitecturing a 9-year-old legacy Laravel application.pdf
Rearchitecturing a 9-year-old legacy Laravel application.pdf
Takumi Amitani
 
Structural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptxStructural Health and Factors affecting.pptx
Structural Health and Factors affecting.pptx
gunjalsachin
 
introduction to Digital Signature basics
introduction to Digital Signature basicsintroduction to Digital Signature basics
introduction to Digital Signature basics
DhavalPatel171802
 
cloud Lecture_2025 cloud architecture.ppt
cloud Lecture_2025 cloud architecture.pptcloud Lecture_2025 cloud architecture.ppt
cloud Lecture_2025 cloud architecture.ppt
viratkohli82222
 
Software Developer Portfolio: Backend Architecture & Performance Optimization
Software Developer Portfolio: Backend Architecture & Performance OptimizationSoftware Developer Portfolio: Backend Architecture & Performance Optimization
Software Developer Portfolio: Backend Architecture & Performance Optimization
kiwoong (daniel) kim
 
Third Review PPT that consists of the project d etails like abstract.
Third Review PPT that consists of the project d etails like abstract.Third Review PPT that consists of the project d etails like abstract.
Third Review PPT that consists of the project d etails like abstract.
Sowndarya6
 
Irja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus - Beyond Pass and Fail - DevTalks.pdfIrja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus - Beyond Pass and Fail - DevTalks.pdf
Irja Straus
 
Cloud Computing storage saas iaas paas.pptx
Cloud Computing storage saas iaas paas.pptxCloud Computing storage saas iaas paas.pptx
Cloud Computing storage saas iaas paas.pptx
viratkohli82222
 
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
May 2025: Top 10 Cited Articles in Software Engineering & Applications Intern...
sebastianku31
 
Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)Electrical and Electronics Engineering: An International Journal (ELELIJ)
Electrical and Electronics Engineering: An International Journal (ELELIJ)
elelijjournal653
 
Ad

Denial of Service Attacks in Software Defined Networking - A Survey

  • 1. © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3091 Denial of Service Attacks in Software Defined Networking - A Survey Sreejesh N. G.1, Sabina M. A.2 1P G Scholar, Department of Computer Science and Engineering, Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India 2Assistant Professor, Department of Computer Science and Engineering, Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - The word Software Defined Networks (SDN) came into limelight only a few years ago. Butithasbecomethe backbone for various popular network technologies such as data centers, cloudstorage, mobilecommunication, Internetof Things and even in small business environments, thankstothe flexibility, programmability, scalability and centralized coordination that brings to the entire network. Even though the introduction of SDN brought easiness in network management, it is susceptible to all the attacks that may happen in the traditional network. One suchcommonattackis saturation attack, means saturating the network resources using malformed packets. In happens in two forms; Denial of Service attacks and Distributed Denial of Service attacks. Many proposals have been brought since the evolution of SDN to detect and mitigate these attacks. This survey brings an overview of some of such proposals, their effectiveness and possible comparisons. Key Words: Software Defined Networking, saturation attacks, DoS, DDoS, IoT, control plane, data plane,OpenFlow, northbound and southbound interfaces. 1. INTRODUCTION The evolution of network has gone through different phases before reaching the fully connected world. The traditional networking scenario uses routers as the backbone of the network paradigm. Apart from it, gateways and switches make their specific roles wisely. Transfer a packet of data from a source to destination needs proper end to end connectivity and through this connection,physical orlogical, packets are travelled. Thistransfer needsproper routing and forwarding. The traditional network does this task in a fantastic manner with the help of different protocols and addressing schemes. The problem arises when some functionalities of the intermediate network need to be changed. This brings a tedious thing because; most of the functionalities are fixed into the network devices. Changing the functionality require changing the whole or part of the network devices. This causes headache both practically and economically. Here comes the role of Software Defined Networking (SDN). A network device can have a data plane to forward the incoming packets, a control plane to manage and control the internal processing of the device,such ascreatingtherouting table, executing specific algorithms etc, and an application plane to access the device either for monitoring the device, managing the control plane by the administrators or executing business specific applications. In the traditional network components such as routers and switches, the control plane and the data plane are in a combined form. If the network does not need any change, this form is good method. But as the network technology advances more functionality and changes need to be incorporated.Hencethe control plane must be separated from the data plane, as it is the control plane which needs reformation every time. 2. BACKGROUND The SDN technology separates the control plane from the data plane [1][10][14]. The data plane devices are simply forwarding devices. The control plane is mostly a powerful system to whichthedataplanedevicesareconnecteddirectly or indirectly. This system is called the SDN controller. The control plane functionalities are programmed into the SDN controller. This is why the SDN is aid to be a programmable network. One major duty of the controller is to instruct the forwarding device what to do with the incoming packets. Since the most common action is forwardingthepackets,this device can be considered as a special type of switch. The application plane (otherwise called management plane) mostly lies on the controller itself, or it may be in a system directlyaccessibletothecontroller.Theapplicationsareused to monitorthe network and its various parameters, business specific functionalitiesoras administrativeaccesspathtothe controller. The architecture of SDN is shown in Fig. 1 [14]. The interface between the data plane and the control plane is called the southbound interface. The forwarding devices communicate with the controller through this interface. The packets that flow through this interface are generally packet-in messages, packet-out messagesandflow modification messages. The interaction need to follow some protocols for effective communication. The protocol used in the southbound interface is the OpenFlow protocol [2][3]. The OpenFlowfollowsaneventbasedwayofcommunication. The switches that follow the OpenFlow protocol are called OpenFlow Switches, which forms the data plane of the SDN architecture. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3092 The interface between the control plane and the application plane is called the northbound interface. The protocol in this interface varies with the APIs used in the interface, and hence there is no specific protocol in this interface. Fig -1: SDN Architecture The features that highlights the SDN from traditional network comprises of its ability to program the network without changing any of the forwarding device. Any policies or functionalities that need to be added or changed can be done in the controller through programs, which will take effect in the whole network. This will save huge effort in changing the network infrastructure to implement the change. Another feature is the fine grained access control bases on the policies assigned by the SDN controller. This is highly useful in IoT based environments as they do not have in-built access control mechanisms in their light weight devices [11][12]. 2.1 Working of SDN The core component in the OpenFlow switch is the flow table. It is a huge table containing two major fields; match field and corresponding action field. The match table can contain parameter that can be checked with the incoming packets. If any match occurs, the corresponding action is taken. Some common actions are; forwarding the packet to a specified port, drop the packet, etc. The flows will have priorities so that the matches with higher priorities are checked first. If no match is there, it is called a table-miss. Then the default action is taken, which is to forward the packet to the controller, encapsulating it in a message called packet-in message. On getting he packet-in message, the controller unwraps it and decides what is to be done with that packet. The packet is then sentbacktotheswitchputting it into a packet-out message, along with an action for this packet. The controller may then send a flow rule to that switch specifying thematchandactionforthesimilarpackets that may come in the future so that when the packet comes later to the switch, it will create a table-hit and the packet need not be sent to the controller, saving the bandwidth in between. The SDN controller runs code for handling the packet-in messages and other event-messages. Examples of such controller code/softwares are RYU [4], POX [5], NOX [6], Floodlight [7] etc. Most of the controller softwares are open in natureso that developers are free to modify it or addmore functionalities as desired. 2.2 Attacks in SDN The major feature and at the same time the most prominent vulnerability of the SDN is its centralized control. This weakness is used by the attackers to act upon the controller to perish the entire network. Most attacks in traditional network is applicable to SDN too [8][9][10]. Saturation attack is the major SDN aimed attack. Here the major areas of SDN aimed attacks are the switch, the link between the controller and the switch, and the controller itself. Exhausting the resources in all the three will result in denial of services to the hosts connected to the network. Hence it is a type of Denial of Service (DoS) attack. It is possible for attackers to create a botnet by including more zombie systems into the attack scenario and hence this can lead to Distributed DoS (DDoS) attack. In a (D)DoS attack, the attacker creates spoofed packets and flood them into the switch. These will be queued up at the switch causing a lot of table miss and thereby lot of packet-in message to the controller. Hence, the switch resources will get exhausted and the link between theswitch and the controller filled withuselesspacket-inmessages.The controller on the other hand will unwrap each of this, try to find action for it which will go in vain. It will tell the switch to flood these packets and create useless entries in the flow table. Thus the controller CPU time and memory also get wasted. The packets who suffer are the benignpacketswhich cannot reach the switch or the controller and the service for its user is denied. 3. ATTACK DETECTION AND MITIGATION As DoS attacks can happen in any networks, so is in SDN. Here the difference is that the attacks can be host-aimed or SDN-aimed. The host-aimed attacks are possible in all networks in dependent of whether it is legacy [14] or SDN based [8][9][10]. TCP connections are heavier than other connection less protocols as there are different handshakes and table managements as faras a normal hostisconsidered.MostTCP attacks use SYN flags to exhaust the TCP connection tables of the target. To solve this type of attack, the controller can act as a proxy by managing a table of active TCP states as seen in Avant-Guard [16]. Thus the flows can be classified into those which complete the handshake and those which do not.
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3093 Based on this, it can create flow rules to manage the flows which do not complete the TCP handshakes. Apart from TCP, other protocols can also create attacks especially UDP and ICMP. All the attacks will cause a disaster to the networks and need to be detected with the combined action of the switch and the controller. NEOD describes this scenario and a remedy [17]. But this must not increase the CPU load of the controller and the switch. Sometimes the networkoperatingsystem(NOS)itselfcan be created with primary focus to prevent attacks that may happen to the controller by compartmentalizingthenetwork applications so that the services would work in side sandboxes and does not cause much problems to the network. Rosemary [18] is designed with such a view. Hence it is possible to say that the OS is application-centric rather than flow-centric. One of the common methodsistofirstdetectthepresence of any attack and mitigate it by meansofdifferentalgorithms. This detection and mitigation strategy is used by many researchers in their own methods such as FloodGuard [19], SGuard [20], Flokeeper [22], SDNGuard [24] and FloodDefender [25] . Whenever an attack starts,theswitches will be getting overwhelmed.Toovercomesuchsituation,the general ideas are either to divert the packets to somewhere else, say neighbor switches [25] without losing the inport information, or to store thepacketstemporarilyinacachefor later processing [19][20][24]. But using the additional cache for packet storage is practically very difficult. Also it needs extra cost to add the additional hardware cache. Classifying the packets into benign and illegal is another tedious thing. Different classifiers are used for this such as SVM [25], Self Organizing Maps [20], etc. In small networks, this will not take much time, but when the network grow bigger in size, the real timeclassification must not take much timeasitmay cause severe packet transfer delay. Another method of finding the attack is the anomaly detection in the network [23]. Maddu et. al. uses a probabilistic model for such classification [24]. When the number of spoofed packets increases atswitch, this will increase the number of packet-in messages to the controller. Thus the switch-controller link willgetbusierand this this maylead tolink saturation. Hence by monitoringthe link bandwidth, it is possible to detect the presence of flooding at the switch and there by predict the attack [21]. The prediction will not be crisp asthenetworkbehaviourcan be changed atany time. Thus onlya fuzzy model is feasible in predicting the future bandwidth utilization and thereby the chance of attack. Most of the alleviation methods are focused on the controller. Recently experiments are being happened to provide some sort of intelligence to the openflow switches too, so that theycan do more than just forwarding the packet based on the flow table. Such an initiation is the Data Plane Development Kit (DPDK) that consistsoflibrariesinstalledin the switch to accelerate packet processing and for efficient computing. Based on the DPDK the attack detection can be made faster by processing each packet in a very speedy way. Newer methods such as DPDK based DDoS Detection frameworks [26] are based on such packet processing. With this the attack detection happens at the data plane itself and mitigation at the control plane. One of the difficult attacks to mitigate is the Low Rate attack, which occurs as spikes at random interval of time. To identify such attacks different methods need to be combined and collaborated. Tang et. al. has introduced a model for classification basedonperformanceandfeaturesofthetraffic [27]. It combines both machine learning and flow frequency analysis. A comparison of some of the previous proposals are shown in table 1. Table -1: Comparison of Different Methods Proposal Protocols Additional Hardware Controller AvantGuard [16] TCP No POX FloodGuard [19] All Yes POX SGuard [20] All Yes NOX BWManager [21] All No Floodlight DAISY [23] All No RYU SDNGuard [24] All Yes POX FloodDefender [25] All No RYU 3.1 Security Issues in SDN IoT The SDN can be introduced as the backbone of the IoT network, so that the controller will get an entire view on the whole IoT topology [28][29]. The sensor data packets can be inspected by the controller and knowthecompleteattributes of the packets. This enables the controller to manage the IoT network in a finer level. IoT architecture also is not escaped from DoS attacks. With spoofed flood and junk value packets, the sink devices may get overwhelmed and the valuable sensor packets cannot reach the sink, causing DoS situation. As SDN can
  • 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3094 handle the devices and packet flow in a granular way, different proposals have been introduced by implementing SDN into IoT environment. Some are just to finetunethedata flow and some lightly approaches the security aspects also. Common attacks that may happen to an IoT network include malwareinjection,DDoSattacks,spoofing/masqueradingand man-in-the-middle attack [12]. As in data centersandclouds, DoS and DDoS attacks in the IoT environment may lead to failure of collecting sensor data and there by hindering the intended services to be run at the proper time. The attacks may happen from insideor outside the IoT network.Thiscan be controlled by limiting the access to authenticated devices only and controlling the access of network services in a pre- defined manner. This is possible using SDN. Z. Qin et. al. [31] proposed MINA which uses the programmability and flow control feature of the SDN. It focuses on Network Services and scheduling flows. The networkservicesareprovidedasprogrammablefeaturesand SDN's inherent flow table mechanism is used for scheduling flows. This resists the illegal flows in the network and thereby reducing the chance of DoS attacks. But, there is no mentioning about which devices has to access the network and which services are allowed for them. IoTPot and IoTBox [30] are some sort of honey pot and sand boxing methods to trap the attacker and there by stopping it from generating a DoS attack. An entropybasedmethodin[32]findsanomalyin the packet flow by constantly monitoring the data flow and thereby detects and mitigates the illegal packets. On larger IoT networks of heterogeneous devices, clusters of devices can be formed, which are managed by one SDN controller for each cluster and all the clustercontrollerscanbecoordinated by a master controller [33]. Here the cluster controllers will classify theabnormal flows using anomalydetectionthrough Support Vector Machine (SVM) and will report to the master controller. The master will decide the actions/flow rules to manage and control the flows in the network. Krishnan P et. al. [34] proposed a loosely coupled integration scheme and tightly coupled integration scheme. In the former, the controller apps take care of the attacks whereas the latter does the detection through the switch and its security controller. 3.2 Implementation of Proposals To implement and test the proposals, setting up a hardware environment is very costly. Hence the researchers use an emulator tool called “Mininet” [35][36][37] for creating the wired and wireless setup. It is highly scalable and powerful so that it can create virtual hosts and Open Virtual Switches. The hosts are provided with terminals to access its functionality and the switches are as powerful as the real ones. With specific tools such as Scapy [38][39][40] and hping [41], benign and spoofed traffic can be created inside the network. Performance of the systems suchasbandwidth and throughput can be measured using iperf [42] like utilities. The controller can be from a list of choices such as RYU, POX, NOX, Floodlight etc. 4. CONCLUSIONS This paper provides a brief overview of DoS attacks in SDN and some mitigation measures proposed for various contexts such as data warehouses and IoT environments. As the controller is the key element in SDN, any attempt which causes hindrance to the controller or the link to the controller will decrease the functionality of the network, sometimes destroying the entire communication. It can be seen that the measures against DoS attacks are well suited for DDoS attacks too. The measures reveal that the attack mitigation is possible through speculative and efficient management of resources and prompt and accurate classification of illegal packets from benign ones. Furthermore, this paper brings the methodology used inthe preventive measures, the features they used and the limitations they bear. Each new method tries to overcome the gap found in the previous ones. Overall, a researcher can use this summary to well prepare for finding new methods to detect and mitigate DoS and DDoS attacks in more effective ways. REFERENCES [1] Kirkpatrick, Keith. “Software-defined networking.” Communications of the ACM 56.9 (2013): 16-19. M. Young, The Technical Writer’s Handbook. Mill Valley, CA: University Science, 1989. [2] N. McKeown et al., “OpenFlow: Enabling innovation in campus net-works,” ACM SIG-COMM Comput. Commun. Rev., vol. 38, no. 2,pp.69–74, Mar. 2008. [3] OpenFlow Switch Specification [online] https://opennetworking.org/wpcontent/uploads/2014 /10/openflow-switch-v1.3.5.pdf [4] RYU SDN Framework [online] https://ryu-sdn.org/ [5] Kaur, Sukhveer, Japinder Singh, and Navtej Singh Ghumman. “Network programmability using POX controller.” ICCCS International conference on communication, computing & systems, IEEE. Vol. 138. sn, 2014. [6] Gude, Natasha, et al. “NOX: towards an operatingsystem for networks.”ACMSIGCOMMcomputercommunication review 38.3 (2008): 105-110. [7] Floodlight Controller [online] https://floodlight.atlassian.net/wiki/spaces/floodlightc ontroller/overview [8] Chica, Juan Camilo Correa, Jenny Cuatindioy Imbachi, and Juan Felipe Botero Vega. “Security in SDN: A
  • 5. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3095 comprehensive survey.” Journal of Network and Computer Applications 159 (2020): 102595. [9] Ahmad, Ijaz, et al. “Security in software defined networks: A survey.” IEEE Communications Surveys & Tutorials 17.4 (2015): 2317-2346. [10] Benzekki, Kamal, Abdeslam El Fergougui,andAbdelbaki ElbelrhitiElalaoui.“Software-defined networking(SDN): a survey.” Security and communication networks 9.18 (2016): 5803-5833. [11] Flauzac, Olivier, et al. “SDN based architecture for IoT and improvement of the security.” 2015 IEEE 29th international conference on advanced information networking and applications workshops. IEEE, 2015. [12] Karmakar, Kallol Krishna, et al.“SDN-enabledsecureIoT architecture.” IEEE Internet of Things Journal 8.8 (2020): 6549-6564. [13] Das¸, Resul, Abubakar Karabade, and Gurkan Tuna. “Common network attack types and defense mechanisms.” 2015 23nd signal processing and communications applications conference (siu). IEEE, 2015. [14] Kreutz, Diego, et al. “Software-defined networking: A comprehensive survey.” Proceedings of the IEEE 103.1 (2014): 14-76. [15] Abdullaziz, Osamah Ibrahiem, Li-Chun Wang,and Yu-Jia Chen. “HiAuth: Hidden authentication for protecting software defined networks.” IEEE Transactions on Network and Service Management 16.2 (2019): 618- 631. [16] S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT- GUARD: Scalable and vigilant switch flow management in software-defined networks,” in Proc. ACM SIGSAC Conf. Comput. Commun. Secur. (CCS), 2013, pp. 413– 424. [17] S. Song, S. Hong, X. Guan, B.-Y. Choi, and C. Choi, “NEOD: Network embedded on-line disaster management framework for software defined networking,” in Proc. IFIP/IEEE Int. Symp. Integr. Netw. Manage. (IM), May 2013, pp. 492–498. [18] Shin, Seungwon, Yongjoo Song, Taekyung Lee, Sangho Lee, Jaewoong Chung, Phillip Porras, Vinod Yegneswaran, Jiseong Noh, and Brent Byunghoon Kang. “Rosemary: A robust, secure, and high-performance network operating system.” In Proceedings of the 2014 ACM SIGSAC conference on computer and communications security, pp. 78-89. 2014. [19] H. Wang, L. Xu, and G. Gu, “FloodGuard: A DoS attack prevention extension in software-defined networks,” in Proc. 45th Annu. IEEE/IFIP Int. Conf. Dependable Syst. Netw., Jun. 2015, pp. 239–250. [20] Wang, Tao, and HongchangChen.“SGuard:Alightweight SDN safeguard architecture for DoS attacks.” China Communications 14, no. 6 (2017): 113-125. [21] Wang, Tao, Zehua Guo, Hongchang Chen, and Wei Liu. “BWManager: Mitigating denial of service attacks in software-defined networks through bandwidth prediction.” IEEE Transactions on Network and Service Management 15, no. 4 (2018): 1235-1248. [22] S. Gao, Z. Li, B. Xiao, and G. Wei, “Security threats in the data plane of software-defined networks,” IEEE Netw., vol. 32, no. 4, pp. 108–113, Jul. 2018. [23] Imran, Muhammad, Muhammad Hanif Durad, Farrukh Aslam Khan, and Haider Abbas. “DAISY: A detection and mitigation system against denial-of-service attacks in software-defined networks.” IEEE Systems Journal 14, no. 2 (2019): 1933-1944. [24] Maddu, Jeevan Surya, Somanath Tripathy, and Sanjeet Kumar Nayak. “SDNGuard: An Extension in Software Defined Network to Defend DoS Attack.” In 2019 IEEE Region 10 Symposium (TENSYMP), pp. 44-49. IEEE, 2019. [25] Gao, Shang, Zhe Peng, Bin Xiao, Aiqun Hu, Yubo Song, and Kui Ren. “Detection and Mitigation of DoSAttacksin Software Defined Networks.” IEEE/ACM Transactions on Networking 28, no. 3 (2020): 1419-1433. [26] Varghese, Josy Elsa, and Balachandra Muniyal. “An Efficient IDS Framework for DDoS Attacks in SDN Environment.” IEEE Access 9 (2021): 69680-69699. [27] Tang, Dan, et al. “Performance and Features: Mitigating the Low-Rate TCP-Targeted DoS Attack via SDN.” IEEE Journal on Selected Areas in Communications 40.1 (2021): 428-444. [28] Tayyaba, Sahrish Khan, et al. “Software definednetwork (sdn) based internet of things (iot) a road ahead.” Proceedings of the international conference on future networks and distributed systems. 2017. [29] Flauzac, Olivier, et al. “SDN based architecture for IoT and improvement of the security.” 2015 IEEE 29th international conference on advanced information networking and applications workshops. IEEE, 2015.
  • 6. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 09 Issue: 06 | Jun 2022 www.irjet.net p-ISSN: 2395-0072 © 2022, IRJET | Impact Factor value: 7.529 | ISO 9001:2008 Certified Journal | Page 3096 [30] Pa, Yin Minn Pa, et al. “IoTPOT: Analysing the Rise of IoT Compromises.” 9th USENIX Workshop on Offensive Technologies (WOOT 15). 2015. [31] Qin, Zhijing, et al. “A software defined networking architecture for the internet-of-things.” 2014 IEEE network operations and management symposium (NOMS). IEEE, 2014. [32] Galeano-Brajones, Jesus, et al. “Detection andmitigation of dos and ddos attacks in iot-based stateful sdn: An experimental approach.” Sensors 20.3 (2020): 816. [33] Bhunia, Suman Sankar, andMohanGurusamy.“Dynamic attack detection and mitigation in IoT using SDN.” 2017 27th International telecommunication networks and applications conference (ITNAC). IEEE, 2017. [34] Krishnan, Prabhakar, Jisha S. Najeem, and Krishnashree Achuthan. “SDN framework for securing IoT networks.” International Conference on Ubiquitous Communications and Network Computing. Springer, Cham, 2017. [35] Mininet Walkthrough [online] http://mininet.org/walkthrough/ [36] De Oliveira, Rogerio Leao Santos, et al. “Using mininet for emulation and prototyping software-defined networks.” 2014 IEEE Colombian conference on communications and computing (COLCOM). Ieee, 2014. [37] Fontes, Ramon R., et al. “Mininet-WiFi: Emulating software-defined wireless networks.” 2015 11th International Conference on Network and Service Management (CNSM). IEEE, 2015. [38] Rohith, R., Minal Moharir, and G. Shobha. “SCAPY-A powerful interactive packet manipulation program.” 2018 international conference on networking, embedded and wireless systems (ICNEWS). IEEE, 2018. [39] Biondi, Philippe. “Scapy: explore the net withnew eyes.” Technical report, Technical report, EADS Corporate Research Center (2005). [40] Scapy [online] https://scapy.net/ [41] hping3 [online] https://linux.die.net/man/8/hping3 [42] iperf [online] https://iperf.fr/iperf-doc.php BIOGRAPHIES Sreejesh N. G. is a P. G. Scholar of Computer ScienceandEngineering at Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India. He has completed his B.Tech in Computer Science and Engineering. His areas of interest include Computer Networks, SDN and Network Security. Sabina M. A. is an Assistant Professor in the Department of Computer ScienceandEngineering at Rajiv Gandhi Institute of Technology, Kottayam, Kerala, India. She has completed her M.Tech in Computer Science and Engineering. She has more than 5 years of experience as Lecturer and her areas of interest include Computer Networks and Machine Learning.