Detection and Prevention of TCP DoS/DDoS Attacks in Software Defined Network

Software Defined Networks (SDN) is an emerging network architecture that allows software programs to govern and configure the network intelligently and centrally. Although it offers numerous benefits such as controlling data traffic and improving security, it possesses vulnerabilities across its various levels, which can make it a tempting target to attackers who use Distributed Denial-of-Service (DDoS) attacks. This matter triggers till date field researchers and developers to keep on developing methodologies and applications to detect attacks and secure the Software Defined Networks. Our paper bridges the gap between the developing environment of SDNs and the ongoing security challenges they face by describing major DDoS detection techniques as well as introducing two novel methods to enhance the security posture of SDN environments. We propose two lightweight and practical approaches to detect and prevent attacks. The first approach targets TCP SYN flood attack with a TCP Proxy approach. The second approach prevents data plane saturation from 3-way complete handshaking TCP attacks with a hashing approach. Our work involves creating a set of firewall rules to spot TCP SYN flood attacks, as well as developing an application to evaluate the hash values for the different source IP address set of data. Simulation results shows insights into identifying and protecting against potential attacks on SDNs.