ODL-ANTIFLOOD: A Comprehensive Solution for Securing OpenDayLight Controller

Software-Defined Networking (SDN) has emerged as a novel network architecture for facilitating and simplifying network control and management. The main fundamental of SDN is the separation of the control and data planes that allows to rapidly, simply manage and configure network operations. However, because of the logically centralized control plane, SDN brings many security challenges, especially to be the victim of Controller-aimed Distributed Denial of Service (DDoS) attacks. In this paper, we proposed a solution to detect and mitigate this dangerous threat to protect SDN controllers. Our proposal consists of two components including a network application for supporting in decision making and a network function for enforcing the detection and mitigation tasks. We also contribute a multi-layer attack detection mechanism and a three-phase mitigation approach to treat with the attacks. Our methodology is implemented on OpenDayLight controller and evaluated using a high-speed test-bed network. The results show that our solution is able to detect attacks after 40 milliseconds on average, and the accuracy of detection process is around 95%. Moreover, it also can effectively, efficiently mitigate attacks to reduce CPU Utilization from high (approx. 90%) to remain average (approx. 20%). � 2018 IEEE.