Dynamic queue management for sustainable SDN controller operations and network flows under DDoS/DoS attack

Abstract

Nowadays, cloud computing not only associates centralizing and virtualization of storage servers but also centralizes and virtualizes networking service with sophisticated control, which is called second wave of cloud computing. Networking as a service (NaaS) is accessed remotely by the network control unit using software, termed as Software-defined Network (SDN), which enables can significantly reduce operational costs and capital investment. Bandwidth on demand is now an emerging issue for dynamic traffic patterns of a network. It is difficult to process a high volume of data flow requests, i.e. DoS/DDoS attacks that is varied within time causing service disruption to the SDN networking system. Most of the attack mitigation techniques cannot restrict attacks. There have been few queue-based management methods proposed in the literature to reduce the catastrophe of DoS/DDoS attacks. However, most of them are static solutions. To ensure the availability of SDN controller and switches under DoS/DDoS attack, we have proposed a dynamic queue management algorithm for a queue of controller and switch ports. We have customized the POX controller to implement our proposed model. For our experiment, we have prepared four DoS/DDoS attack scenarios: ping flood attack, smurf attack, TCP flood attack and UDP attack. Finally, we have compared our model with other two models: SingleQueue and Multi Queue-based models with respect to several performance metrics, e.g., throughput, data loss, round trip time (RTT), number of received packets, etc. Our results show that our proposed model shows better performance for the flexibility of data processing capacity and the limitation of the processing rate by identifying attack flow.