MinDoS: A Priority-Based SDN Safe-Guard Architecture for DoS Attacks

Tao WANG  Hongchang CHEN  Chao QI  

IEICE TRANSACTIONS on Information and Systems   Vol.E101-D   No.10   pp.2458-2464
Publication Date: 2018/10/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2017EDP7419
Type of Manuscript: PAPER
Category: Information Network
software-defined networking,  denial-of-service attack,  priority queue,  round-robin scheme,  

Full Text: PDF(1.6MB)>>
Buy this Article

Software-defined networking (SDN) has rapidly emerged as a promising new technology for future networks and gained considerable attention from both academia and industry. However, due to the separation between the control plane and the data plane, the SDN controller can easily become the target of denial-of service (DoS) attacks. To mitigate DoS attacks in OpenFlow networks, our solution, MinDoS, contains two key techniques/modules: the simplified DoS detection module and the priority manager. The proposed architecture sends requests into multiple buffer queues with different priorities and then schedules the processing of these flow requests to ensure better controller protection. The results show that MinDoS is effective and adds only minor overhead to the entire SDN/OpenFlow infrastructure.