Prevention of DDoS Attacks in SDN by Using Virtual IP Addresses

Enhancing Security in Software Defined Networks

Authors

  • Sanjeetha R., Department of Computer Science & Engineering
  • Monisha B., Department of Computer Science & Engineering
  • Anita Kanavalli, Department of Computer Science & Engineering

Keywords:

DDoS attacks, SDN, virtual IP addresses, network architecture, data plane, control plane, DDoS detection, DDoS prevention, Legitimate clients, botnets

Abstract

DDoS is one of the most common attacks prevalent in traditional networks, and it also has implications for Software Defined Networks (SDN). SDN is a new network architecture that separates the data plane from the control plane. In traditional networks, an attack is performed by first identifying the IP address of the victim machine and then sending huge amounts of unnecessary data to it. A similar attack can also be performed on servers in an SDN. In this paper we propose a method in which the real IP addresses of important servers are hidden, thereby preventing the DDoS attack. DDoS Detection and Prevention modules are deployed on the SDN controller. The DDoS detection module identifies that a DDoS attack is under way and differentiates legitimate clients from botnets. The DDoS prevention module dynamically generates a virtual IP address for every real IP address, and the virtual address changes regularly after some interval. The SDN controller uses the results of these two modules to install rules into the flow table such that only legitimate clients are provided with the real IP address, whereas the botnets are blocked by dropping their requests.
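The controller-side decision described in the abstract can be sketched as follows. This is an added example, not code from the paper: the HMAC-based address derivation, the pool `10.99.0.0/16`, the 60-second interval, the secret and the `Controller` class are all assumptions, and the detection module's output is taken as a given set of legitimate sources.

```python
import hashlib
import hmac
import ipaddress

SECRET = b"constructed-demo-key"             # assumption: secret held only by the controller
POOL = ipaddress.ip_network("10.99.0.0/16")  # assumption: pool the virtual addresses come from
INTERVAL = 60                                # assumption: rotation interval in seconds

def virtual_ip(real_ip, now):
    """Virtual address standing in for real_ip during the interval containing `now`."""
    epoch = int(now) // INTERVAL
    mac = hmac.new(SECRET, f"{real_ip}|{epoch}".encode(), hashlib.sha256).digest()
    # Skip the network and broadcast addresses of the pool.
    offset = int.from_bytes(mac[:4], "big") % (POOL.num_addresses - 2) + 1
    return str(POOL.network_address + offset)

class Controller:
    """Hypothetical controller logic combining the detection and prevention results."""

    def __init__(self, servers, legitimate):
        self.servers = set(servers)        # real addresses to hide
        self.legitimate = set(legitimate)  # sources the detection module marked legitimate

    def mapping(self, now):
        """Current virtual -> real table (collisions between servers are not handled here)."""
        return {virtual_ip(real, now): real for real in self.servers}

    def flow_rule(self, src, dst, now):
        """Flow-table action for a packet src -> dst observed at time `now`."""
        if dst in self.servers:
            return ("drop", "real address is not reachable directly")
        real = self.mapping(now).get(dst)
        if real is None:
            return ("drop", "unknown or expired virtual address")
        if src not in self.legitimate:
            return ("drop", "source classified as botnet")
        return ("rewrite_dst", real)

if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not data from the paper.
    ctl = Controller(["192.168.1.10"], ["203.0.113.5"])
    vip = virtual_ip("192.168.1.10", 30)
    print(ctl.flow_rule("203.0.113.5", vip, 30))   # legitimate client, current address
    print(ctl.flow_rule("198.51.100.7", vip, 30))  # botnet source, dropped
```

The sketch has no grace period, so a legitimate client holding the previous interval's address is dropped at rotation until it learns the new one.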

Published

2016-12-15