dc.description.abstract |
The world has become a global village because of the Internet. Everyone is connected
to everyone else through it, which exposes everyone to the risk of compromise. Many
organizations' confidential and private data have been compromised, and many online services
have been compromised by cyber-attacks. Much research and innovation has gone into
making networks secure, but commercial routers limit researchers' ability to deploy custom
security algorithms in real networks. Recently, researchers succeeded in developing a novel
protocol, OpenFlow, for Software Defined Networks. OpenFlow separates the control plane from
the data plane and gives researchers room to experiment with their innovations. The control
plane is responsible for all forwarding logic and is managed by the Controller (an external
server), so the router only needs to forward data packets. Because of this separation,
researchers can now easily implement their own data monitoring, encryption and forwarding
algorithms. Taking advantage of this innovation, we used the Controller (control plane) to
analyze real-time traffic, detect DDoS attacks and mitigate them.
We surveyed the literature and highlight many solutions, but most of them address attack
detection without regard to computation and performance impact. They also do not
focus on attack mitigation and leave it for future work. With this in view, we worked on
one comprehensive solution that monitors traffic in real time, identifies anomalies and
mitigates the attacking source without impacting network performance.
We used the sFlow-RT analytics engine for real-time network traffic monitoring. Multiple
triggers can be registered through its REST API, based on different thresholds for different
types of attacks such as Ping Flood, SYN and Ping of Death. Whenever traffic deviates
from the specified thresholds, it triggers an event; our mitigation application handles this
event and manages the network state using the Kinetic Controller. |
en_US |