Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

Haifeng Zhou,Chunming Wu,Chengyu Yang,Pengfei Wang,Qi Yang,Zhouhao Lu,Qiumei Cheng

DOI: https://doi.org/10.1109/TNET.2018.2859483

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:A software-defined network (SDN) is increasingly deployed in many practical settings, bringing new security risks, e.g., SDN controller and switch hijacking. In this paper, we propose a real-time method to detect compromised SDN devices in a reliable way. The proposed method aims at solving the detection problem of compromised SDN devices when both the controller and the switch are trustless, and ...

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

Jin Wang,Liping Wang,Ruiqing Wang

DOI: https://doi.org/10.3390/e25081210

IF: 2.738

2023-08-15

Entropy

Abstract:Software defined networking (SDN) improves the flexibility and programmability of the network by separating the control plane and the data plane and effectively realizes the global control of the network infrastructure. However, the centralized structure design of SDN exposes the controller to potential threats. Attackers have used the active flow table delivery mode to launch distributed denial of service (DDoS) attacks on the SDN controller, resulting in the controller failure and seriously affecting the network performance. To overcome this problem, this paper proposes a defense framework called CC-Guard. The framework consists of four modules: attack detection triggering, switch migration, anomaly detection, and mitigation. Among them, the attack detection trigger module improves the system's timely response to DDoS attacks. The switch migration module effectively unclogs the controller congestion problem and provides convenience for network flow transmission. The anomaly detection module uses a coarse-grained method for two-stage detection, which improves the detection accuracy. The mitigation module uses the idea of cross-domain cooperation of the controller to clear the abnormal flow in the blacklist. Experimental results show that our proposed CC-Guard has real-time DDoS attack defense capability and high detection accuracy, as well as efficient network resource utilization.

physics, multidisciplinary

Sagar Ramani,Rutvij H Jhaveri

DOI: https://doi.org/10.3390/s22186958

2022-09-14

Abstract:Traditional security mechanisms find difficulties in dealing with intelligent assaults in cyber-physical systems (CPSs) despite modern information and communication technologies. Furthermore, resource consumption in software-defined networks (SDNs) in industrial organizations is usually on a larger scale, and the present routing algorithms fail to address this issue. In this paper, we present a real-time delay attack detection and isolation scheme for fault-tolerant software-defined industrial networks. The primary goal of the delay attack is to lower the resilience of our previously proposed scheme, SDN-resilience manager (SDN-RM). The attacker compromises the OpenFlow switch and launches an attack by delaying the link layer discovery protocol (LLDP) packets. As a result, the performance of SDN-RM is degraded and the success rate decreases significantly. In this work, we developed a machine learning (ML)-based attack detection and isolation mechanism, which extends our previous work, SDN-RM. Predicting and labeling malicious switches in an SDN-enabled network is a challenge that can be successfully addressed by integrating ML with network resilience solutions. Therefore, we propose a delay-based attack detection and isolation scheme (DA-DIS), which avoids malicious switches from entering the routes by combining an ML mechanism along with a route-handoff mechanism. DA-DIS increases network resilience by increasing success rate and network throughput.

D. Sendil Vadivu,Narendran Rajagopalan

DOI: https://doi.org/10.1002/cpe.8289

2024-10-14

Concurrency and Computation Practice and Experience

Abstract:Summary Software defined network (SDN) is an experimental network design utilized by software companies, academia, and healthcare systems to provide adequate resource utilization, data management, superior network control, and administration. However, these networks face substantial risks, especially from distributed denial of service (DDoS) attacks, requiring robust cybersecurity measures. This article proposes RyuGuard, an intrusion detection and prevention system (IDPS) enhanced with machine learning (ML) capabilities, specifically designed to protect SDNs from DDoS attacks. A DDoS‐specific dataset was collected in the SDN environment through feature extraction from normal and malicious traffic. The evaluation of the dataset with the ML classifiers demonstrates that the decision tree (DT) was the most effective model, with a low false alarm rate (FAR), achieving an accuracy of 99.9%, and rapid execution time, which ensures timely detection and response, suitable for real‐time implementation. RyuGuard, with DT deployment and utilizing the programmability feature of SDN, is designed to predict and prevent the DDoS attack from the ongoing traffic of SDN. Compared with the other existing models, the presented IDPS, RyuGuard, enables early attack prediction, preventing the full impact of DDoS within the network while maintaining sustained throughput and performance with low CPU utilization.

computer science, theory & methods, software engineering

Jishuai Li,Tengfei Tu,Yongsheng Li,Sujuan Qin,Yijie Shi,Qiaoyan Wen

DOI: https://doi.org/10.3390/s22031061

IF: 3.9

2022-01-29

Sensors

Abstract:Software-defined networking (SDN) is a new networking paradigm that realizes the fast management and optimal configuration of network resources by decoupling control logic and forwarding functions. However, centralized network architecture brings new security problems, and denial-of-service (DoS) attacks are among the most critical threats. Due to the lack of an effective message-verification mechanism in SDN, attackers can easily launch a DoS attack by faking the source address information. This paper presents DoSGuard, an efficient and protocol-independent defense framework for SDN networks to detect and mitigate such attacks. DoSGuard is a lightweight extension module on SDN controllers that mainly consists of three key components: a monitor, a detector, and a mitigator. The monitor maintains the information between the switches and the hosts for anomaly detection. The detector utilizes OpenFlow message and flow features to detect the attack. The mitigator protects networks by filtering malicious packets. We implement a prototype of DoSGuard in the floodlight controller and evaluate its effectiveness in a simulation environment. Experimental results show the DoSGuard achieves 98.72% detecion precision, and the average CPU utilization of the controller is only around 8%. The results demonstrate that DoSGuard can effectively mitigate DoS attacks against SDN with limited overhead.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Zheng,Xu Mingwei,Li Qi,Zhang Yun

DOI: https://doi.org/10.7544/issn1000-1239.2018.20160740

2018-01-01

Journal of Computer Research and Development

Abstract:Software-defined networking (SDN) is a new network paradigm.Unlike the conventional network,SDN separates the control plane from the data plane.The function of the data plane is enabled in switches while only the controller provides the functions of the control plane.The controller learns topologies of the whole networks and makes the traffic forwarding decisions.However,recent studies show that there exist some serious vulnerabilities in topology management services of the current SDN controller designs,which mainly exists in host tracking service and link discovery service.Attackers can exploit these vulnerabilities to poison the network topology information in the SDN controllers.What's more,attackers can even make the whole network down.Fortunately,researchers have paid some attention to this serious problem and proposed their defense solution.However,the existing countermeasures can be easily evaded by the attackers.In this paper,we propose an effective approach called SecTopo,to defend against the network topology poisoning attacks.Our evaluation on SecTopo in the Floodlight controller shows that the defense solution can effectively secure network topology with a minor impact on normal operations of OpenFlow controllers.

Qi Liu,Hongwei Ruan,Hua Li,Xiaodi Li,Xianrong Wang

DOI: https://doi.org/10.1145/3444370.3444612

2020-01-01

Abstract:Software Defined Network (SDN) is a new networking technology with the advantages of separating data forwarding plane from the control plane, and a growing number of traditional network attacks are left to this new network architecture. However, current solutions only concentrate on several special attacks in SDN and bring out a variety of overhead. In this paper, we consider two levels detection in data forwarding plane: packet level and flow level. We proposed an efficient, effective, real-time and machine learning based mechanism, called REAL-GUARD, to detect and defend network security threats with decision tree methods and without any extra devices. The experiments prove that our mechanism can defend scanning attacks and detect flooding attacks effectively with low additional performance overhead.

Ziming Zhao,Zhuotao Liu,Huan Chen,Fan Zhang,Zhuoxue Song,Zhaoxuan Li

DOI: https://doi.org/10.1109/tdsc.2023.3349180

2024-01-01

Abstract:Defending against Distributed Denial of Service (DDoS) attacks is a fundamental problem in the Internet. Over the past few decades, the research and industry communities have proposed a variety of solutions, from adding incremental capabilities to the existing Internet routing stack, to clean-slate future Internet architectures, and to widely deployed commercial DDoS prevention services. Yet a recent interview with over 100 security practitioners in multiple sectors reveals that existing solutions are still insufficient against , due to either unenforceable protocol deployment or non-comprehensive traffic filters. This seemingly endless arms race with attackers probably means that we need a fundamental paradigm shift. In this paper, we propose a new DDoS prevention paradigm named preference-driven and in-network enforced traffic shaping , aiming to explore the novel DDoS prevention norms that focus on delivering victim-preferred traffic rather than consistently chasing after the DDoS attacks. Towards this end, we propose DFNet, a novel DDoS prevention system that provides reliable delivery of victim-preferred traffic without full knowledge of DDoS attacks. At a very high level, the core innovative design of DFNet embraces the advances in Machine Learning (ML) and new network dataplane primitives, by encoding the victim's traffic preference (in the form of complex ML models) into dataplane packet scheduling algorithms such that the victim-preferred traffic is forwarded with priority at line-speed, regardless of the attacker strategy. We implement a prototype of DFNet in 11,560 lines of code, and extensively evaluate it on our testbed. The results show that a single instance of DFNet can forward 99.93% of victim-desired traffic when facing previously unseen attacks, while imposing less than 0.1% forwarding overhead on a dataplane with 80 Gbps upstream links and a 40 Gbps bottleneck.

Kuan-yin Chen,Anudeep Reddy Junuthula,Ishant Kumar Siddhrau,Yang Xu,H. Jonathan Chao

DOI: https://doi.org/10.1109/cns.2016.7860467

2016-01-01

Abstract:While the software-defined networking (SDN) paradigm is gaining much popularity, current SDN infrastructure has potential bottlenecks in the control plane, hindering the network's capability of handling on-demand, fine-grained flow level visibility and controllability. Adversaries can exploit these vulnerabilities to launch distributed denial-of-service (DDoS) attacks against the SDN infrastructure. Recently proposed solutions either scale up the SDN control plane or filter out forged traffic, but not both. We propose SDNShield, a combined solution towards more comprehensive defense against DDoS attacks on SDN control plane. SDNShield deploys specialized software boxes to improve the scalability of ingress SDN switches to accommodate control plane workload surges. It further incorporates a two-stage filtering scheme to protect the centralized controller. The first stage statistically distinguishes legitimate flows from forged ones, and the second stage recovers the false positives of the first stage with in-depth TCP handshake verification. Prototype tests and dataset-driven evaluation results show that SDNShield maintains higher resilience than existing solutions under varying attack intensity.

Tao Wang,Hongchang Chen

DOI: https://doi.org/10.1109/cc.2017.7961368

2017-01-01

China Communications

Abstract:Software Defined Networking（SDN） is a revolutionary networking paradigm towards the future network,experiencing rapid development nowadays.However,its main characteristic,the separation of control plane and data plane,also brings about new security challenges,i.e.,Denial-of-Service（DoS） attacks specific to Open Flow SDN networks to exhaust the control plane bandwidth and overload the buffer memory of Open Flow switch.To mitigate the DoS attacks in the Open Flow networks,we design and implement SGuard,a security application on top of the NOX controller that mainly contains two modules:Access control module and Classification module.We employ novel six-tuple as feature vector to classify traffic flows,meanwhile optimizing classification by feature ranking and selecting algorithms.All the modules will cooperate with each other to complete a series of tasks such as authorization,classification and so on.At the end of this paper,we experimentally use Mininet to evaluate SGuard in a software environment.The results show that SGuard works efficiently and accurately without adding more overhead to the SDN networks.

Duohe Ma,Zhen Xu,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-319-23829-6_32

2015-01-01

Abstract:Software Defined Networking (SDN) provides a new network solution by decoupling control plane and data plane from the closed and proprietary implementations of traditional network devices. With its promisingly advanced architecture, SDN represents the future development trend of network. In its typical structure, collaborative interaction between one controller and multiple switches forms a centralized network topology. As playing a key role in this network architecture, the controller in SDN is very vulnerable to single point of failure. What is worse, the emergence of Blind DDoS attack against SDN’s special structure increases its risks. To address this challenge, we introduce a Moving Target Defense(MTD) system to defend Blind DDoS attack. The approach adopts a multi-controller pool to solve the saturation problem, and it can dynamically shift controllers connecting to switches according to the density of flood flow. By randomly delaying the scanning packets and filtering the flood with route-map, this MTD system can effectively resist the Blind DDoS attack and protect the availability and reliability of SDN.

Gupta, Neelam,Tanwar, Sarvesh,Badotra, Sumit

DOI: https://doi.org/10.1007/s10586-024-04535-y

2024-05-14

Cluster Computing

Abstract:Software-defined networking (SDN) is a new way of designing and managing networks. The central SDN controller serves as the network's brain in the control plane. This paper compares the performance of OpenDayLight (ODL) and Ryu SDN controllers by installing the most stable version of the controllers on a realistic test environment, Mininet, on which several other SDN controllers are built. The sFlow and snort tools have been used to compare the performance of the two controllers for a variety of different workloads. Tests were carried out by launching Distributed Denial of Service (DDoS) attacks on the host, stopping them, and then examining the outcomes. Experimental results show that the ODL controller is more effective than the Ryu controller in dealing with DDoS attacks on the SDN network. DDoS attacks are detected using Mininet analysis and the tools Snort and sFlow. The results also show that both controllers perform better in terms of flow setup latency and load shedding performance compared to the Ryu controller. The ODL controller exceeds the Ryu controller in levels of jitter, and its computational complexity outperforms the Ryu controller in terms of processing power. Based on these test findings, it can be concluded that both controllers perform equally well in terms of jitter and ODL is more reliable than Ryu.

computer science, information systems, theory & methods

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Tao Wang,Hongchang Chen,Guozhen Cheng,Yulin Lu

DOI: https://doi.org/10.1155/2018/7545079

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Software-Defined Networking (SDN) has quickly emerged as a promising technology for future networks and gained much attention. However, the centralized nature of SDN makes the system vulnerable to denial-of-services (DoS) attacks, especially for the currently widely deployed multicontroller system. Due to DoS attacks, SDN multicontroller model may additionally face the risk of the cascading failures of controllers. In this paper, we propose SDNManager, a lightweight and fast denial-of-service detection and mitigation system for SDN. It has five components: monitor, forecast engine, checker, updater, and storage service. It typically follows a control loop of reading flow statistics, forecasting flow bandwidth changes based on the statistics, and accordingly updating the network. It is worth noting that the forecast engine employs a novel dynamic time-series (DTS) model which greatly improves bandwidth prediction accuracy. What is more, to further optimize the defense effect, we also propose a controller dynamic scheduling strategy to ensure the global network state optimization and improve the defense efficiency. We evaluate SDNManager through a prototype implementation tested in a real SDN network environment. The results show that SDNManager is effective with adding only a minor overhead into the entire SDN/OpenFlow infrastructure.

Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1002/ett.4534

IF: 3.6

2022-05-24

Transactions on Emerging Telecommunications Technologies

Abstract:The programmable behavior of Software‐Defined Networking (SDN) enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. Unfortunately, SDN suffers from the threat of DDoS attacks. We have developed an approach to detect and mitigate these threats in SDN by creating an ONOS Flood Defender application (OFD app). This app effectively detects DDoS attacks using machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system and efficiently mitigates the attacks, preventing a tremendous amount of damage to legitimate users. Software‐Defined Networking (SDN) has made its place in the networks as new technology. SDN's programmable behavior enables it to change behavior on the fly, provides instructions for the task's automatic performance, dynamic scaling, and service integration. These advantages have made SDN necessary in networks. However, SDN suffers from the threat of DDoS attack. We have developed an approach to mitigate these threats by creating an ONOS Flood Defender Application (OFD App). This app effectively detects DDoS attack using supervised and ensemble machine learning techniques and mitigates them by tracebacking the attack traffic to its origin. Our results show that ensemble machine learning techniques perform better than single machine learning algorithm to detect DDoS attack. Random Forest classifier (RFC), an ensemble technique, performs best with the highest accuracy of 99.3% in detecting DDoS attack, followed by XGBoost classifier with an accuracy of 99%. The proposed framework of the OFD app is implemented in a Mininet emulator and ONOS SDN controller. The application performs effectively in terms of time, accuracy, and overhead of the system. Our app efficiently mitigates the attacks, thereby preventing a tremendous amount of damage to legitimate users.

telecommunications

Kuan-Yin Chen,Sen Liu,Yang Xu,Ishant Kumar Siddhrau,Siyu Zhou,Zehua Guo,H. Jonathan Chao

DOI: https://doi.org/10.1109/tnet.2021.3105187

2021-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-defined networking (SDN) is increasingly popular in today's information technology industry, but existing SDN control plane is insufficiently scalable to support on-demand, high-frequency flow requests. Weaknesses along SDN control paths can be exploited by malicious third parties to launch distributed denial-of-service (DDoS) attacks against the SDN control plane. Recently proposed solutions only partially solve the problem, by protecting either the SDN network edges or the centralized controller. We propose SDNShield, a solution based on emerging network function virtualization (NFV) technologies, which enforces more comprehensive defense against potential DDoS attacks on SDN control plane. SDNShield incorporates a three-stage overload control scheme. The first stage statistically identifies legitimate flows with low complexity and performance overhead. The second stage further performs in-depth TCP handshake verification to ensure good flows are eventually served. The third stage intellectually salvages the misclassified legitimate flows that are falsely dropped from the first two stages. Prototype tests and real data-driven simulation results show that SDNShield can achieve high resilience against brute-force attacks, and maintain good flow-level service quality at the same time.

Shang Gao,Zhe Peng,Bin Xiao,Aiqun Hu,Yubo Song,Kui Ren

DOI: https://doi.org/10.1109/tnet.2020.2983976

2020-01-01

IEEE/ACM Transactions on Networking

Abstract:The introduction of software-defined networking (SDN) has emerged as a new network paradigm for network innovations. By decoupling the control plane from the data plane in traditional networks, SDN provides high programmability to control and manage networks. However, the communication between the two planes can be a bottleneck of the whole network. SDN-aimed DoS attacks can cause long packet delay and high packet loss rate by using massive table-miss packets to jam links between the two planes. To detect and mitigate SDN-aimed DoS attacks, this paper presents FloodDefender, an efficient and protocol-independent defense framework for SDN/OpenFlow networks. FloodDefender stands between the controller platform and other controller apps, and conforms to the OpenFlow policy without additional devices. The detection module in FloodDefender utilizes new frequency features to precisely identify SDN-aimed DoS attacks. The mitigation module uses three new techniques to efficiently mitigate attack traffic: table-miss engineering to prevent the communication bandwidth from being exhausted; packet filter to filter out attack traffic and save computational resources of the control plane; and flow rule management to eliminate most of useless flow entries in the switch flow table. Our evaluation on a prototype implementation of FloodDefender shows that the defense framework can precisely identify and efficiently mitigate the SDN-aimed DoS attacks with very little overhead.

Jin Wang,Liping Wang

DOI: https://doi.org/10.3390/s22218287

IF: 3.9

2022-10-29

Sensors

Abstract:With the development of Software Defined Networking (SDN), its security is becoming increasingly important. Since SDN has the characteristics of centralized management and programmable, attackers can easily take advantage of the security vulnerabilities of SDN to carry out distributed denial of service (DDoS) attacks, which will cause the memory of controllers and switches to be occupied, network bandwidth and server resources to be exhausted, affecting the use of normal users. To solve this problem, this paper designs and implements an online attack detection and mitigation SDN defense system. The SDN defense system consists of two modules: anomaly detection module and mitigation module. The anomaly detection model uses a lightweight hybrid deep learning method—Convolutional Neural Network and Extreme Learning Machine (CNN-ELM) for anomaly detection of traffic. The mitigation model uses IP traceback to locate the attacker and effectively filters out abnormal traffic by sending flow rule commands from the controller. Finally, we evaluate the SDN defense system. The experimental results show that the SDN defense system can accurately identify and effectively mitigate DDoS attack flows in real-time.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation