Software-defined networks (SDN) offer significant flexibility, scalability, and dynamic management. However, these networks are increasingly vulnerable to distributed denial of service (DDoS) attacks. This study investigates the susceptibility of SDNs to such attacks and presents a DMHDA (real-time detection and mitigation of DDoS attacks). The model employs a unified capability for both detection and mitigation. It features a custom-developed script, ryu2m.js, for the real-time detection and mitigation, along with the elephant.py script to identify the route through which elephant flow occurs. The proposed model uses the sFlow tool to monitor the network traffic, and a virtual SDN environment consisting of virtual hosts, openvswitches, and a RYU controller. The sFlow-RT application provides visualisation of the topology used, the connection between switches, visualisation of traffic and topology. The findings emphasise its effectiveness in mitigating congestion caused by attacks, indicating a potential for significant improvements in security and performance within SDN environment.
Kumar et al. (Thu,) studied this question.