Cog-SDN: Mitigation Mechanism for Distributed Denial of Service Attacks in Software Defined Networks

  • P. Mohana PriyaEmail author
  • K. R. Manjula
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1116)


Software Defined Network is a novel network paradigm that decouples forwarding devices from the controller. Distributed Denial of Service attack is the most common threat found in which an attacker floods request messages to the victim. These attacks saturate control plane and degrade the service for legitimate traffic flows. In this research work, Cognitive-Software Defined Network is proposed which uses an unsupervised Deep Belief Network algorithm to defend against attacks. Deep Belief Network self-learns the flow payload details and detects flooding attacks when the counter exceeds the threshold value. The proposed mitigation method is deployed in the SDN controller which monitors the incoming traffic flows and blocks the malicious hosts. The experimental results show that Cognitive Software Defined Network outperforms in terms of bandwidth consumption, installation of flow entries with attack detection time when compared with SLICOTS.


Software Defined Networks Cognition Distributed Denial of Service Attack Self-learning Deep Belief Network 


  1. 1.
    Jammal, M., Singh, T., Shami, A.: Software defined networking: state of art and research challenges. Comput. Netw. 72, 74–98 (2014). Scholar
  2. 2.
    Nunes, B.A.A., Mendonca, M., Nguyen, X.: A survey of software-defined networking: past, present and future of programmable networks. IEEE Commun. Surv. Tutor. 16(3), 1617–1634 (2014). Scholar
  3. 3.
    Li, W., Meng, W., Kwok, L.F.: A survey on OpenFlow-based software defined networks: security challenges and counter-measures. J. Netw. Comput. Appl. 68, 126–139 (2016). Scholar
  4. 4.
    Kim, H., Feamster, N.: Improving network management with software defined networking. IEEE Commun. Mag. 51, 114–119 (2013). Scholar
  5. 5.
    Savas, S.S., Tomatore, M., Habib, M.F.: Disaster-resilient control plane design and mapping in software-defined networks. In: Proceedings of IEEE International Conference on High Performance Switching and Routing, Budapest, Hungary, pp. 1–6 (2016).
  6. 6.
    Karakus, M., Duressi, A.: A survey: control plane scalability issues and approaches in software defined networking. Comput. Netw. 112, 279–293 (2016). CrossRefGoogle Scholar
  7. 7.
    Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutor. 18(1), 623–654 (2016). Scholar
  8. 8.
    Brooks, M., Yang, B.: Man in the middle attack against OpenDayLight SDN controller. In: Proceedings of ACM Conference on Research in Information Technology, New York, USA, October, pp. 45–49 (2015).
  9. 9.
    Chen, P.J., Chen, Y.W.: Implementation of SDN based network intrusion detection and prevention system. In: Proceedings of Carnahan Conference on Security Technology, Taipei, Taiwan, January, pp. 141–146 (2016).
  10. 10.
    Niyaz, Q., Sun, W., Javaid, A.Y.: A Deep Learning Based DDoS Detection System in Software-Defined Networking. arXiv preprint arXiv:1611.07400 (2016). Scholar
  11. 11.
    Wang, H., Xu, L., Gu, G.: Floodguard: a DoS attack prevention extension in software-defined networks. In: Proceedings of IEEE International Conference on Dependable Systems and Networks, Riode Janeiro, Brazil, September, pp. 239–250 (2015).
  12. 12.
    Chin, T., Mountrouidou, X., Li, X.: Selective packet inspection to detect DoS flooding using software defined networking. In: Proceedings of International Conference on Computing Systems Workshops, Columbus, OH, USA, July, pp. 95–99 (2015).
  13. 13.
    Dhawan, M., Poddar, R., Mahajan, K.: SPHINX: detecting security attacks in software-defined networks. In: Network and Distributed System Security (2015).
  14. 14.
    Shin, S., Yegneswaran, V., Porras, P.: Avant-guard: scalable and vigilant switch flow management in software defined networks. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, November, pp. 413–424 (2013).
  15. 15.
    Ambrosin, M., Conti, M., De Gaspari, F.: Lineswitch: efficiently managing switch flow in software defined networking while effectively tackling DoS attacks. In: Proceedings of ACM Symposium on Information, Computer and Communications Security, pp. 639–644 (2015).
  16. 16.
    Wei, L., Fung, C.: FlowRanger: a request prioritizing algorithm for controller DoS attacks in software defined networks. In: Proceedings of IEEE International Conference on Communications, London, UK, September, pp. 639–644 (2015).
  17. 17.
    Haopei, W., Lei, X., Guofei, G.: OF-GUARD: a DoS attack prevention extension in software defined networks. In: Open Network Summit (2014)Google Scholar
  18. 18.
    Nugraha, M., Paramita, I., Musa, A.: Utilizing OpenFlow and sFlow to detect and mitigate SYN flooding attack, pp. 988–994 (2014). Scholar
  19. 19.
    Amokrane, A., Langar, R., Boutaba, R.: Flow-based management for energy efficient campus networks. IEEE Trans. Netw. Serv. Manage. 12(4), 565–579 (2015). Scholar
  20. 20.
    Mohana Priya, P., Shalinie, S.M., Pandey, T.: Restricted Boltzmann machine based energy efficient cognitive network. In: Snášel, V., Abraham, A., Krömer, P., Pant, M., Muda, A.K. (eds.) Innovations in Bio-Inspired Computing and Applications. AISC, vol. 424, pp. 463–472. Springer, Cham (2016). Scholar
  21. 21.
    Berman, M., Chase, J.S., Landweber, L.: GENI: a federated testbed for innovative network experiments. Comput. Netw. 61, 5–23 (2014). Scholar
  22. 22.
    Imran, M., Durad, M.H., Khan, F.A., Derhab, A.: Toward an optimal solution against denial of service attacks in software defined networks. Future Gener. Comput. Syst. 92, 444–453 (2019). Scholar
  23. 23.
    Mohana Priya, P., Shalinie, S.M.: Restricted Boltzmann machine based detection system for DDoS attack in software defined networks. In: Fourth International Conference on Signal Processing, Communication and Networking, pp. 1–6 (2017).
  24. 24.
    Bawany, N.Z., Shamsi, J.A.: SEAL: SDN based secure and agile framework for protecting smart city applications from DDoS attacks. J. Netw. Comput. Appl. (2019). Scholar
  25. 25.
    Saraswat, S., Agarwal, V., Gupta, H.P., Mishra, R., Gupta, A., Dutta, T.: Challenges and solutions in software defined networking: a survey. J. Netw. Comput. Appl. 141, 23–58 (2019). Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.School of ComputingSASTRA Deemed UniversityThanjavurIndia

Personalised recommendations