Layer Based Firewall Application for Detection and Mitigation of Flooding Attack on SDN Network
by Yubaraj Gautam 1, Kazuhiko Sato 1, Bishnu Prasad Gautam 2,*
1 Division of Information and Electronic Engineering, Muroran Institute of Technology, Muroran, 050-0071, Japan
2 Department of Economic Informatics, Kanazawa Gakuen University, Kanazawa, 920-1392, Japan
* Author to whom correspondence should be addressed.
Journal of Engineering Research and Sciences, Volume 1, Issue 5, Page # 88-101, 2022; DOI: 10.55708/js0105010
Keywords: Software Defined Network, Flooding Attack, Layer Based Security Architecture
Received: 28 February 2022, Revised: 26 April 2022, Accepted: 27 April 2022, Published Online: 12 May 2022
Software-Defined Networking (SDN) is an emerging network technology that can augment the data plane with a control plane by using programming techniques. However, a number of security challenges must be addressed to achieve secure communication. Flooding attacks have been among the most common threats on the internet for decades and are becoming a challenging issue in SDN networks too. To address these issues, we propose a novel firewall application based on multi-stage packet filtering that provides a flooding attack prevention system and a layer-based packet detection system. In this research, we use two main stages to detect the flooding attack and mitigate the flooding packets. The first stage identifies the attack, and the second stage identifies the attacker's information and acts on it based on layer-based packet header entities. The system contains two security entities to identify flooding attacks: one measures the packet size, and the other counts the packet flow. We use the details of the packet flow to control the flow and to determine whether an attack is occurring. In addition, to identify the attacker's information, we use layer-based (layer 2 to layer 4) packet header entities in a multi-table architecture. The proposed solution was tested for different attack scenarios and successfully reduced the flow of volume-based bulk-size flooding attacks and infinite-packet flooding attacks in an SDN network.
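The two stages described in the abstract can be sketched as follows. This is an added illustration, not the authors' firewall code: the thresholds, the function names, the sample window and the way the layer 2, 3 and 4 tables are chained are all assumptions.

```python
from collections import Counter, namedtuple

# Assumed thresholds: the abstract gives no numeric values.
MAX_PACKET_BYTES = 1500        # above this, a packet counts as bulk-size
MAX_PACKETS_PER_WINDOW = 100   # above this, a flow counts as packet flooding

Packet = namedtuple("Packet", "src_mac src_ip proto dst_port size")

def flow_key(p):
    return (p.src_mac, p.src_ip, p.proto, p.dst_port)

def stage1_detect(window):
    """Stage 1: flag flows using the two entities, packet size and packet count."""
    counts, reasons = Counter(), {}
    for p in window:
        counts[flow_key(p)] += 1
        if p.size > MAX_PACKET_BYTES:
            reasons.setdefault(flow_key(p), set()).add("bulk-size")
    for key, n in counts.items():
        if n > MAX_PACKETS_PER_WINDOW:
            reasons.setdefault(key, set()).add("packet-count")
    return reasons

def stage2_build_tables(reasons):
    """Stage 2: chain L2 -> L3 -> L4 header matches; only the L4 entry drops."""
    tables = {}
    for mac, ip, proto, port in reasons:
        tables.setdefault(mac, {}).setdefault(ip, set()).add((proto, port))
    return tables

def forwarded(p, tables):
    """Walk the tables in order; a miss at any layer forwards the packet."""
    l3 = tables.get(p.src_mac)               # table 0: source MAC
    if l3 is None:
        return True
    l4 = l3.get(p.src_ip)                    # table 1: source IP
    if l4 is None:
        return True
    return (p.proto, p.dst_port) not in l4   # table 2: protocol and port

# Constructed sample window (not data from the paper).
BENIGN = Packet("00:00:00:00:00:01", "10.0.0.1", "tcp", 80, 512)
COUNT_FLOOD = Packet("00:00:00:00:00:02", "10.0.0.2", "udp", 53, 64)
BULK_FLOOD = Packet("00:00:00:00:00:03", "10.0.0.3", "icmp", 0, 9000)
WINDOW = [BENIGN] * 20 + [COUNT_FLOOD] * 500 + [BULK_FLOOD] * 5

if __name__ == "__main__":
    flagged = stage1_detect(WINDOW)
    tables = stage2_build_tables(flagged)
    for key, why in flagged.items():
        print(key, sorted(why))
    print("benign forwarded:", forwarded(BENIGN, tables))
```

Because the drop decision is made only at the last table, other traffic from a flagged host still passes, which keeps the mitigation scoped to the offending flow.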