A novel sFlow based DDoS detection model in software defined networking

A novel sFlow based DDoS detection model in software defined networking

Software-defined networking (SDN) is a networking model that makes networks programmable, convenient, and agile. Its centralized control plane is a key component of DDoS, which causes system resources and prevents services from responding to legitimate requests. The SDN controller's centralized structure makes it extremely susceptible to DDoS attacks. DDoS attacks are quickly identified in SDN controllers, which is essential for preventing them. There are several suggested techniques for finding DDoS attacks, but not much research has been done. The first step in preventing DDoS attacks is to identify them. In this paper, sFlow is used to build an early DDoS detection tool with SDN controller integration for widely used SDN controllers (OpenDaylight and Ryu). Several network scenarios are taken into consideration for the experimental configuration, with Mininet and penetration tools used to create hosts and switches. Each situation involves a different quantity of hosts, switches, and packet forwarding. The number of hosts and switches used in each scenario varies, and the created packets of data range from 1,00,000 to 5,00,000 per second. The controllers are inundated with data traffic, and Wireshark is used to analyse the data traffic, and our DDoS detection system is evaluated based on a variety of criteria, including how long it takes to detect a DDoS assault, the round-trip time (RTT), the percentage of packet loss, and the type of DDoS attack. It has been discovered that ODL takes longer than Ryu to shut down after detecting a successful DDoS attack. Our technology makes sure quick DDoS attacks are promptly detected, improving the SDN controller's performance without compromising the network's overall operation.