A novel DDoS attack-aware smart backup controller placement in SDN design
Security issues like Distributed Denial of Service (DDoS) attacks are becoming the main threat for Software-Defined Networking (SDN). Controller placement is a fundamental factor in the design and planning of SDN infrastructure. The controller could be seen as a single dot of failure for the whole S...
Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English English |
| Published: |
Annals of Emerging Technologies in Computing (AETiC)
2020
|
| Online Access: | https://eprints.ums.edu.my/id/eprint/27175/1/A%20novel%20DDoS%20attack%20abstract.pdf https://eprints.ums.edu.my/id/eprint/27175/2/A%20novel%20DDoS%20attack.pdf https://eprints.ums.edu.my/id/eprint/27175/ https://doi.org/10.33166/AETIC.2020.05.005 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Security issues like Distributed Denial of Service (DDoS) attacks are becoming the main threat for Software-Defined Networking (SDN). Controller placement is a fundamental factor in the design and planning of SDN infrastructure. The controller could be seen as a single dot of failure for the whole SDN and it's the alluring point for DDoS attack. Single controller placement implies a single point of SDN control. So, there is a very high chance to fail the entire network topology as the controller associated with all switches. As a result, legitimate clients won't have the capacity to use SDN services. This is the reason why the controller is the suitable center dot of attack for the aggressor. To protect SDN from this type of single purpose of failure, it is essential to place multiple smart backup controllers to guarantee the SDN operation. In this paper, we propose a novel Integer Linear Programming (ILP) model to optimize the security issue by placing powerful smart backup controller. Result obtained from the simulation shows that our proposed novel ILP model can suggest single or multiple smart backup controller placement to support several
ordinary victim controllers which has the capacity to save the cost of multiple ordinary controllers by sharing link, maximum new flows per second of controller and port, etc. |
|---|