Design and implementation of a stateless and stateful DDOS prevention solution with Pyretic based firewall on SDN controller

  • Author(s) / Creator(s)
  • We recognize that networked systems need a continuous flow of information. Distributed Denial of Service (DDoS) is a threat that has continually degraded this important characteristic of networked systems, hence the need to build an infrastructure that detects and prevents such threats as quickly as possible. This project proposes a DDoS prevention solution that uses both a stateless and a stateful firewall on an SDN controller, which blocks traffic from a node that has been detected as a source of a DDoS attack using explicit flows that match source addresses. Software Defined Networking (SDN) is an emerging technology whose network architecture physically separates the control plane from the data plane of the forwarding devices. The controller implements the control plane while the switches perform the forwarding operations of the data plane. Using the OpenFlow protocol, which is the standard for communication between the controller and the switches, SDN controllers can manage the forwarding behavior of SDN switches by managing flow table entries. As a result, the network becomes more dynamic, and network resources are managed more effectively and cost-effectively thanks to centralized control. The detection and prevention mechanisms designed here are effective for small network topologies and can also be extended to similar large domains.

  • Date created
  • Subjects / Keywords
  • Type of Item
  • DOI
  • License
    Attribution-NonCommercial 4.0 International