Nowadays, Software-Defined Networking (SDN) has become a promising network architecture in which network devices are controlled in a separate Control Plane (i.e., SDN controller). In a specific aspect, employing SDN in a network offers an attractive network security solution due to its flexibility in building and adding more new software security rules. From another perspective, attack prediction and mitigation, especially for Distributed Denial of Service (DDoS) attacks, are still challenges in SDN environments since a SDN control system works probably slower than a non-SDN one and the
SDN controller can become a target of attacks. In this article, at first, we analyze a real traffic use case in order to derive DDoS indicators and thresholds. Secondly, we design an Openflow/SDN-based Attack Mitigation Architecture that is able to quickly mitigate DDoS attacks on the fly. The design solves the existing problems of the Openflow protocol, reducing the traffic volume traversing over the interface between the data plane (switch) and the control plane (SDN controller) and decreasing the buffer size at the Openflow switch. Applying our proposed Fuzzy Logic-based DDoS Mitigation algorithm that deploys multiple criteria for DDoS detection - FDDoM, the system demonstrates the ability to detect and filter 97% of attack flows and reach a False Positive Rate of 5% that are acceptable figures in real system management. The results also show that the network resource which is required to cope and maintain flow entries is 50% reduced during attack time.

C. Jin, H. Wang, and K. G. Shin, “Hop-count filtering: an effective defense against spoofed DDoS traffic,” in 10th ACM conference on Computer and communications security, 2003, pp. 30–41.

J. Ashraf and S. Latif, “Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques,” in IEEE National Software Engineering Conference (NSEC), 2014, pp. 55–60.

S. X. Wu and W. Banzhaf, “The use of computational intelligence in intrusion detection systems: A review,” Applied Soft Computing, vol. 10, no. 1, pp. 1–35, 2010.

Y. Kim, J. Y. Jo, and K. K. Suh, “Baseline profile stability for network anomaly detection,” International Journal of Network Security, vol. 6, no. 1, pp. 60–66, 2008.

O. Salem, S. Vaton, and A. Gravey, “An efficient online anomalies detection mechanism for high-speed networks,” in IEEE/IST Workshop on Monitoring, Attack Detection and Migitation (MonAM), 2007.

M. Thottan and C. Ji, “Anomaly detection in IP networks,” IEEE Transactions on signal processing, vol. 51, no. 8, pp. 2191–2204, 2003.

R. Saurabh and B. Anup, “DDOS Attacks on Network: Anomaly Prevention using Statistical Algorithm,” International Journal of Advanced Research in Computer Science and Software Engineering, vol. 2, December, 2012.

Software Defined Networking Definition. [Online]. Available: https://opennetworking.org/sdn-resources/sdn-definition. Accessed: 11 May 2016.

OpenFlow: Enabling Innovation in Campus Networks. [Online]. Available: http://archive.openflow.org/documents/openflow-wp-latest.pdf. Accessed: 2 May 2016.

K. G. et al. Dileep, “A Survey on Defense Mechanisms countering DDoS Attacks in the Network,” International Journal of Advanced Research in Computer and Communication Engineering, ISSN: 2319-5940, vol. 2, no. 7, pp. 2599–2606, July, 2013.

X. Ma and Y. Chen, “DDoS detection method based on chaos analysis of network traffic entropy,” IEEE Communications Letters, vol. 18, no. 1, pp. 114–117, 2014.

L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical approaches to DDoS attack detection and response,” in DARPA Information Survivability Conference and Exposition, vol. 1, 2003, pp. 303–314.

Z. Duan, X. Yuan, and J. Chandrashekar, “Controlling IP spoofing through interdomain packet filters,” IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 1, pp. 22–36, 2008.

F. Yi, S. Yu, W. Zhou, J. Hai, and A. Bonti, “Source-Based Filtering Scheme against DDOS Attacks,” International Journal of Database Theory and Application, vol. 1, pp. 9–20, 2008.

D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, “Inferring internet denial-of-service activity,” ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp. 115–139, 2006.

M. Ramadas, S. Ostermann, and B. Tjaden, “Detecting anomalous network traffic with self-organizing maps,” in International Workshop on Recent Advances in Intrusion Detection. Springer, 2003, pp. 36–54.

R. Braga, E. Mota, and A. Passito, “Lightweight DDoS flooding attack detection using NOX/OpenFlow,” in 35th IEEE Conference onLocal Computer Networks (LCN), 2010, pp. 408–415.

Y. G. Dantas, V. Nigam, and I. E. Fonseca, “A selective defense for application layer DDoS attacks,” in IEEE Joint Intelligence and Security Informatics Conference (JISIC), 2014, pp. 75–82.

S. Sivabalan and P. Radcliffe, “A novel framework to detect and block DDoS attack at the application layer,” in IEEE TENCON Spring Conference, 2013, pp. 578–582.

J. D. Ndibwile, A. Govardhan, K. Okada, and Y. Kadobayashi, “Web Server protection against application layer DDoS attacks using machine learning and traffic authentication,” in 39th IEEE Annual Computer Software and Applications Conference (COMPSAC), vol. 3, 2015, pp. 261–267.

S. A. Mehdi, J. Khalid, and S. A. Khayam, “Revisiting traffic anomaly detection using software defined networking,” in International Workshop on Recent Advances in Intrusion Detection. Springer, 2011, pp. 161–180.

K. Giotis, C. Argyropoulos, G. Androulidakis, D. Kalogeras, and V. Maglaris, “Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments,” Computer Networks, vol. 62, pp. 122–136, 2014.

S. Shin, V. Yegneswaran, P. Porras, and G. Gu, “AVANT-GUARD: Scalable and vigilant switch flow management in software-defined networks,” in 2013 ACM SIGSAC Conference on Computer & Communications Security, 2013, pp. 413–424.

M. Ambrosin, M. Conti, F. De Gaspari, and R. Poovendran, “Lineswitch: Efficiently managing switch flow in software-defined networking while effectively tackling DoS attacks,” in 10th ACM Symposium on Information, Computer and Communications Security, 2015, pp. 639–644.

P. Van Trung, T. T. Huong, D. Van Tuyen, D. M. Duc, N. H. Thanh, and A. Marshall, “A multi-criteria-based DDoS-attack prevention solution using software defined networking,” in International Conference on Advanced Technologies for Communications (ATC), 2015, pp. 308–313.

Z. Kovacic and S. Bogdan, Fuzzy Controller Design: Theory and Applications. CRC press, 2005.

M. Sugeno, Industrial Applications of Fuzzy Control. Elsevier, 1985.