Investigating high traffic rate distributed denial of service attacks detection mechanisms in Software-Defined Networks

Software-defined networking is a new and enhanced networking paradigm, which decouples control plane and data plane in a network. It is a networking paradigm that addresses networking problems, such as manual configuration of switches and cumbersome administration of networks. In software-defined networking the logically centralized controller has a global view of the network, which makes it superior over traditional networking approaches in terms of agility, programmability, and cost effectiveness. However, it is susceptible to security at-tacks. The controller is vulnerable to attacks such as the single point of failure, which renders the network servers unavailable. For example, high traffic or distributed denial of service can ex-haust the bandwidth, processing time, and the memory of the controller in seconds. The paper investigates and evaluates the performance of the existing high traffic and distributed denial of service attacks detection mechanisms. The results show that lightweight and early detecting schemes are better performing schemes. However, further work is still required.