Analyzing distributed denial-of-service attacks in SDN architecture
Software-Defined Networks (SDN) are transforming modern network architectures by enabling dynamic resource provisioning through centralized control. This centralized design principle, however, exposes SDN to security vulnerabilities, particularly those posed by Distributed Denial of Service (DDoS) attacks, which can compromise the availability of critical network functions and services. This thesis conducts a detailed review of DDoS attacks on SDN and examines three prominent DDoS attacks in SDN in depth, aiming to comprehend the nature of the attacks and how they unfold. All three attacks severely impact the controller and can have far-reaching consequences for the entire network. To that end, the thesis proposes a methodology that makes use of simulations and a variety of test cases. The research strives to replicate real-world conditions with these simulated scenarios, ensuring a detailed and nuanced examination of how DDoS attacks can specifically impact the SDN infrastructure. In this study, attack scenarios were conducted on fat-tree and ring topologies, the two most prominent topologies in use. The simulation results reveal that the fat-tree topology consistently exhibited patterns for three different attack types and durations, while the ring topology did not show any discernible pattern for the specified attacks. Overall, the research findings shed light on the intricate interplay between network topology and DDoS attack resilience within SDN environments, opening up avenues for future exploration and the refinement of network security practices.
The research findings aim to serve as a foundation for improving SDN’s security posture and fostering its continued advancement in addressing the complex challenges posed by the ever-changing cybersecurity landscape. This study provides practical knowledge and insights that can be used to develop robust countermeasures and improve the overall resilience of SDN systems.