Scribd
Upload
74 views9 pages

18i 1467 (Cyber) PDF

This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

Uploaded by

Malikijazriaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
74 views9 pages

18i 1467 (Cyber) PDF

This document discusses detection and prevention of DDoS attacks in SDN networks. It first provides an overview of the SDN architecture and types of DDoS attacks. It then reviews 3 papers on techniques for mitigating DDoS attacks in SDN networks. The first uses a STRIDE threat model to design a secure application. The second uses ArOMA to allow ISPs to deploy policies to mitigate attacks while the third uses entropy-based flow table modifications via OpenFlow. The document compares the approaches on efficiency, overhead, scalability and cost.

Uploaded by

Malikijazriaz
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 9

DDoS Attacks Detection and

Prevention mechanisms in SDN


Mohib Ullah
MS-CNS 18i-1467
Research Methodology
SDN(Software Define Network)
 Application Layer
 Control Layer
 Infrastructure Layer

2
3
DDoS Attacks on SDN
 Volumetric Attacks
 Congest network by flooding e.g., UDP reflection attacks
 Create congestion by consuming all available bandwidth
 State-exhaustion Attacks
 Types of protocol abuse e.g., TCP SYN flood
 Application layer Attacks
 Consume application resources e.g., HTTP GET, DNS query Floods

4
LITERATURE REVIEW
REF # Techniques Used Benefits/Results Limitations

[1] STRIDE Threat model Design a secure application for an SDN against but it causes delays for
DDOS attack. most users

ArOMA can systematically bridge between ISP


and Customers. Outside domain ISP can deploy Quality of Services is
[2] ArOMA
policies to mitigate the attacks degraded

Overhead imposed on
OpenFlow protocol can effectively mitigate it via
[3] entropy-based method usage of system
flow table modifications.
resources
Ref
Approach Efficiency Overhead Scalability Cost
.

[1] STRIDE Threat model NO YES YES YES

[2] AroMA YES NO YES YES

entropy-based
[3] YES NO NO NO
method

7
References
 [1]Jantila, Saksit, and Kornchawal Chaipah. "A security analysis of a hybrid
mechanism to defend DDoS attacks in SDN." Procedia Computer Science 86
(2016): 437-440.
 [2]Sahay, Rishikesh, et al. "ArOMA: An SDN based autonomic DDoS
mitigation framework." Computers & Security 70 (2017): 482-499.
 [3]Giotis, Kostas, et al. "Combining OpenFlow and sFlow for an effective
and scalable anomaly detection and mitigation mechanism on SDN
environments." Computer Networks 62 (2014): 122-136.

8
9

You might also like