A Novel Feature-Based DDoS Detection and Mitigation Scheme in SDN Controller Using Queueing Theory

Software defined network (SDN) has attracted great interests as an emergent paradigm which aims to centralize the configuration of network devices by decoupling control layer and data layer. One considerable challenge in SDN is to protect against multiple attacks generated by distributed denial of service (DDoS) bots which attempt to make SDN controllers unavailable. The goal of this research is to propose a novel detect and mitigate DDoS attack in SDN controllers using traffic monitoring. Besides the advantages of queueing theory based model is exploited to evaluate the arrival flows and leveraging robust features and entropy, a distance-based classification is designed accurately to detect malicious packets from legitimate packets. The experimental results vividly demonstrate that our proposed detection scheme effectively yields high accuracy as well as high-efficiency controller utilization.