Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges

  title={Software-Defined Networking (SDN) and Distributed Denial of Service (DDoS) Attacks in Cloud Computing Environments: A Survey, Some Research Issues, and Challenges},
  author={Qiao Yan and Fei Richard Yu and Qingxiang Gong and Jianqiang Li},
  journal={IEEE Communications Surveys \& Tutorials},
Distributed Denial of Service (DDoS) attacks in cloud computing environments are growing due to the essential characteristics of cloud computing. With recent advances in software-defined networking (SDN), SDN-based cloud brings us new chances to defeat DDoS attacks in cloud computing environments. Nevertheless, there is a contradictory relationship between SDN and DDoS attacks. On one hand, the capabilities of SDN, including software-based traffic analysis, centralized control, global view of… 

Figures and Tables from this paper

Detecting DDoS Attack using Software Defined Network (SDN) in Cloud Computing Environment

  • K. BhushanB. Gupta
  • Computer Science
    2018 5th International Conference on Signal Processing and Integrated Networks (SPIN)
  • 2018
An approach to detect DDoS attacks in SDN-based cloud by utilizing the features of SDN is proposed, which can detect the DDoS attack detection and mitigation capabilities with very low communicational and computational overhead.

Software-defined Networking-based DDoS Defense Mechanisms

The main focus of this research work is on discovering critical security implications in SDN while reviewing the current ongoing research studies and emphasizing the available state-of-the-art techniques.

A Review of Anomaly Detection Techniques and Distributed Denial of Service (DDoS) on Software Defined Network (SDN)

This research explains DDoS attacks and the anomaly detection as one of the famous detection techniques for intelligent networks.

FlexProtect: A SDN-based DDoS Attack Protection Architecture for Multi-tenant Data Centers

This paper exploits the flexibility of SDN and NFV to propose FlexProtect, a flexible distributed DDoS protection architecture for multi-tenant data centers and proposes FP-SYN, an anti-spoofing SYN flood protection mechanism.

Toward secure software-defined networks against distributed denial of service attack

An information distance-based flow discriminator framework has been discussed, which can discriminate the DDoS traffic during flash events, a similar looking legitimate traffic, in SDN environment and can detect the traffic at the edge switch so that the attack alert can be raised at the earliest.

DDoS Flooding Attack Mitigation in Software Defined Networks

This research work proposes a lightweight and practical mitigation mechanism to protect SDN architecture against DDoS flooding threats and ensure a secure and efficient SDN-based networking environment.

Towards DDoS detection mechanisms in Software-Defined Networking




Distributed denial of service attacks in software-defined networking with cloud computing

It is shown that SDN brings a new chance to defeat DDoS attacks in cloud computing environments, and good features of SDN in defeating DDoS attacked, and a number of challenges that need to be addressed to mitigate DDoS attached in SDN with cloud computing.

DoS and DDoS in Named Data Networking

This paper identifies and analyzing several new types of attacks in Named Data Networking and investigates their variations, effects and counter-measures, and sheds some light on the debate about relative virtues of self-certifying, as opposed to human-readable, names in the context of content-centric networking.

EDoS-Shield - A Two-Steps Mitigation Technique against EDoS Attacks in Cloud Computing

This paper advocates a novel solution, named EDoS-Shield, to mitigate the Economic Denial of Sustainability (EDoS) attack in the cloud computing systems and designs a discrete simulation experiment to evaluate its performance and shows that it is a promising solution to mitigateThe EDoS.

A Survey on Methods to Defend against DDoS Attack in Cloud Computing

This paper introduces cloud computing, Virtualization and DDoS attack and a review and comparison of the existing methods against DDoSattack on cloud computing is presented.

OpenFlow: A security analysis

This work performs a security analysis of OpenFlow using STRIDE and attack tree modeling methods, and proposes appropriate counter-measures that can potentially mitigate the security issues associated with OpenFlow networks.

Can We Beat DDoS Attacks in Clouds?

This paper proposes a dynamic resource allocation strategy to counter DDoS attacks against individual cloud customers and establishes a mathematical model to approximate the needs of the resource investment based on queueing theory.

Mitigating Economic Denial of Sustainability (EDoS) in Cloud Computing Using In-cloud Scrubber Service

For cloud computing to remain attractive, the DDoS threat is to be addressed before it triggers the billing mechanism, which can be addressed by using reactive/on-demand in-cloud eDDoS mitigation service (scrubber Service) for mitigating the application-layer and network-layer DDOS attacks with the help of an efficient client-puzzle approach.

Software-Defined Mobile Cloud: Architecture, services and use cases

  • I. KuYou LuM. Gerla
  • Computer Science
    2014 International Wireless Communications and Mobile Computing Conference (IWCMC)
  • 2014
This paper presents the required core components to build SDN-based Mobile Cloud, including variations that are required to accommodate different wireless environments, such as mobility and unreliable wireless link conditions, and introduces several instances of the proposed architectures based on frequency selection of wireless transmission that are designed around different use cases ofSDN- based Mobile Cloud.

A Survey on Software-Defined Networking

A generally accepted definition for SDN is presented, including decoupling the control plane from the data plane and providing programmability for network application development, and its three-layer architecture is dwelled on, including an infrastructure layer, a control layer, and an application layer.

Sdn Security: A Survey

This paper presents a comprehensive survey of the research relating to security in software-defined networking that has been carried out to date, and both the security enhancements to be derived from using the SDN framework and the security challenges introduced by the framework are discussed.