DoS Attack Impact Assessment on Software Defined Networks

Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 231)


Software Defined Networking (SDN) is an evolving network paradigm which promises greater interoperability, more innovation, flexible and effective solutions. Although SDN on the surface provides a simple framework for network programmability and monitoring, few has been said about security measures to make it resilient to hitherto security flaws in traditional network and the new threats the architecture is ushering in. One of the security weaknesses the architecture is ushering in due to separation of control and data plane is Denial of Service (DoS) attack. The main goal of this attack is to make network resources unavailable to legitimate users or introduce large delays. In this paper, the effect of DoS attack on SDN is presented using Mininet, OpenDaylight (ODL) controller and network performance testing tools such as iperf and ping. Internet Control Message Protocol (ICMP) flood attack is performed on a Transmission Control Protocol (TCP) server and a User Datagram Protocol (UDP) server which are both connected to OpenFlow switches. The simulation results reveal a drop in network throughput from 233 Mbps to 87.4 Mbps and the introduction of large jitter between 0.003 ms and 0.789 ms during DoS attack.


Software Defined Networks DoS Network security 


  1. 1.
    McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L.: OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Comput. Commun. Rev. 38(2), 69–74 (2008)CrossRefGoogle Scholar
  2. 2.
    Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in software Defined Networking, pp. 55–60. ACM (2013)Google Scholar
  3. 3.
    Das, S., Parulkar, G., McKeown, N.: Rethinking IP core networks. J. Opt. Commun. Netw. 5(12), 1431–1442 (2013)CrossRefGoogle Scholar
  4. 4.
    Kreutz, D., Ramos, F.M., Verissimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)CrossRefGoogle Scholar
  5. 5.
    Akhunzada, A., Ahmed, E., Gani, A., Khan, M.K., Imran, M., Guizani, S.: Securing software defined networks: taxonomy, requirements, and open issues. IEEE Commun. Mag. 53(4), 36–44 (2015)CrossRefGoogle Scholar
  6. 6.
    Casado, M., Freedman, M.J., Pettit, J., Luo, J., McKeown, N., Shenker, S.: Ethane: taking control of the enterprise. ACM SIGCOMM Comput. Commun. Rev. 37(4), 1–12 (2007)CrossRefGoogle Scholar
  7. 7.
    Jain, S., Kumar, A., Mandal, S., Ong, J., et al.: B4: experience with a globally-deployed software defined WAN. ACM SIGCOMM Comput. Commun. Rev. 43(4), 3–14 (2013)CrossRefGoogle Scholar
  8. 8.
    VMware: Software-Defined Data Center (SDDC) (2017).
  9. 9.
    Sezer, S., Scott-Hayward, S., Chouhan, P.K., Fraser, B., Lake, D., Finnegan, J.: Are we ready for SDN? implementation challenges for software-defined networks. IEEE Commun. Mag. 51(7), 36–43 (2013)CrossRefGoogle Scholar
  10. 10.
    Goransson, P., Black, C., Culver, T.: Software Defined Networks: A Comprehensive Approach. Morgan Kaufmann, Burlington (2016)Google Scholar
  11. 11.
    Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016)CrossRefGoogle Scholar
  12. 12.
    Alsmadi, I., Xu, D.: Security of software defined networks: a survey. Comput. Secur. 53, 79–108 (2015)CrossRefGoogle Scholar
  13. 13.
    Ali, S.T., Sivaraman, V., Radford, A., Jha, S.: A survey of securing networks using software defined networking. IEEE Trans. Reliab. 64(3), 1086–1097 (2015)CrossRefGoogle Scholar
  14. 14.
    Shin, S., Gu, G.: Attacking software-defined networks: a first feasibility study. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 165–166. ACM (2013)Google Scholar
  15. 15.
    Li, D., Hong, X., Bowman, J.: Evaluation of security vulnerabilities by using ProtoGENI as a launchpad. In: Global Telecommunications Conference (GLOBECOM 2011), pp. 1–6. IEEE (2011)Google Scholar
  16. 16.
    Shin, S., Yegneswaran, V., Porras, P., Gu, G.: Avant-guard: scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 413–424. ACM (2013)Google Scholar
  17. 17.
    Fonseca, P., Bennesby, R., Mota, E., Passito, A.: A replication component for resilient openflow-based networking. In: Network Operations and Management Symposium (NOMS), pp. 933–939 (2013)Google Scholar
  18. 18.
    Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: IEEE 35th Conference on Local Computer Networks (LCN), pp. 408–415 (2010)Google Scholar
  19. 19.
    Gude, N., Koponen, T., Pettit, J., Pfaff, B., Casado, M., McKeown, N., Shenker, S.: NOX: towards an operating system for networks. ACM SIGCOMM Comput. Commun. Rev. 38(3), 105–110 (2008)CrossRefGoogle Scholar
  20. 20.
    Benton, K., Camp, L.J., Small, C.: OpenFlow vulnerability assessment. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151–152. ACM (2012)Google Scholar
  21. 21.
    TeamMininet: Mininet (2017)
  22. 22.
    Linux-Foundation-Collaborative-Projects: ODL (2017)

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. 1.Faculty of Engineering and InformaticsUniversity of BradfordBradfordUK
  2. 2.Faculty of Technology, Design and EnvironmentOxford Brookes UniversityOxfordUK
  3. 3.Nettitude LimitedWarwickshireUK

Personalised recommendations