Extending the Floodlight Controller

Software Defined Networking (SDN) emerges as an option to implement security features difficult to develop and deploy in traditional network infrastructures. SDN has a programmable component that can build a global view of the actual state of a network and change network configuration to react to actual events: a controller. Additionally, a controller's functionality may be extended to meet specific requirements. This work studies the features that Floodlight, a Java based SDN controller, offers to extend its behavior. Previous works have studied Floodlight architecture and performance, but not these features. To meet the goal, we selected a known security context for traditional networks: DDoS detection and mitigation. This paper presents design and implementation of the CDM(Collection, Detection, and Mitigation) module, a statistical-based DDoS detection module that extends Floodlight. Statistical algorithms are a good fit for SDN, they have low memory and CPU demands, and can react to changes in network configuration. The module also uses Java features to establish an interface for statistical-based detection algorithms, enabling administrators to use libraries of algorithms and select some of them according to their systems. The results show that Floodlight is easy to extend and flexible. It is also efficient regarding CPU, but requires more memory than other controllers. The collection, detection, and mitigation algorithms run fast, although the time window required to detect statistical change bounds reaction times.