IP Source Lockdown to Detect and Mitigate Multi-Destination, Multi-Port, Multi-Protocol DDoS Attacks in SDN
Jitendra Patil1, Vrinda Tokekar2, Alpana Rajan3

1Jitendra Patil, Department of Computer Engineering, Devi Ahilya Vishwavidyala, Indore (M.P), India.
2Vrinda Tokekar, Professor, Department of Information Technology, Institute of Engineering and Technology, Devi Ahilya University. Indore (M.P), India.
3Alpana Rajan, Department of Computer Engineering, Devi Ahilya Vishwavidyala, Indore (M.P), India.
Manuscript received on 19 September 2022 | Revised Manuscript received on 28 September 2022 | Manuscript Accepted on 15 October 2022 | Manuscript published on 30 October 2022 | PP: 29-40 | Volume-11 Issue-11, October 2022 | Retrieval Number: 100.1/ijitee.K929510111122 | DOI: 10.35940/ijitee.K9295.10111122
Open Access | Ethics and Policies | Cite | Mendeley | Indexing and Abstracting
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: Distributed Denial of Service (DDoS) attack is not a new attack and remains a challenging task. It has already been addressed by researchers and a lot of work has been done in this direction. Most of the work in Software-Defined-Network (SDN) environment focused on legacy DDoS attacks where targets are end servers. Legacy DDoS attack traffics are associated with a single destination and mostly the solutions are around this characteristic. In the case of SDN, the target is SDN controller plane whose overcharging brings the network to a complete halt. An attacker can achieve this by customizing Multi-Destination, Multi-Port, Multi-Protocol DDoS (MMMD) attack traffic to force the data plane to push more messages to the controller plane. In this paper, we have considered MMMD attack traffic which is just like normal traffic but has the potential to paralyze the complete SDN based networking infrastructure. In the contribution of this work, we have created MMMD traffic and proposed a model named “Simple, Lightweight DDoS Detection and Mitigation model in Software Defined Network” (SLDDM) to combat MMMD traffic in the SDN environment. SLDDM is based on the implementation of IP source-lockdown in SDN environment to detect and mitigate malicious traffic originating from spoof/legitimate IPs. The proposed model has been evaluated under different scenarios and compared with standard models in the literature. SLDDM brings down average response time in establishing https connections by legitimate hosts under attack scenario from 31 seconds to 0.054 seconds. It has been evaluated that the SLDDM keeps the SDN controller healthy and responsive to legitimate hosts under attack conditions. 
Keywords: SDN Controller; DDoS; spoof IP; TCP-SYN; IP Source-Lockdown
Scope of the Article: Network Protocols & Wireless Networks