ZTE Communications ›› 2017, Vol. 15 ›› Issue (3): 13-19.DOI: 10.3969/j.issn.1673-5188.2017.03.003

• Special Topic • Previous Articles     Next Articles

DDoS Attack in Software Defined Networks: A Survey

XU Xiaoqiong, YU Hongfang, YANG Kun   

  1. School of Communication & Information Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China
  • Received:2017-06-03 Online:2017-08-25 Published:2019-12-24
  • About author:XU Xiaoqiong (xiaoqiongxu@std.uestc.edu.cn) is currently a Ph.D. student in University of Electronic Science and Technology of China, China. Her research interests include software defined networking and cloud computing.|YU Hongfang (yuhf@uestc.edu.cn) received her B.Sc. degree in electrical engineering in 1996 from Xidian University, China her M.Sc. degree and Ph.D. degree in communication and information engineering in 1999 and 2006 from University of Electronic Science and Technology of China, respectively. From 2009 to 2010, she was a visiting scholar at the Department of Computer Science and Engineering, University at Buffalo (SUNY), USA. Her research interests include network survivability and next generation Internet, and cloud computing.|YANG Kun(kunyang@uestc.edu.cn)received his Ph.D. from the Department of Electronic & Electrical Engineering of University College London (UCL), UK, and M.Sc. and B.Sc. from the Computer Science Department of Jilin University, China. He is currently a Chair Professor in the School of Computer Science & Electronic Engineering, University of Essex, leading the Network Convergence Laboratory (NCL), UK. He is also an affiliated professor at University of Electronic Science and Technology of China, China. Before joining in University of Essex at 2003, he worked at UCL on several European Union (EU) research projects for several years. His main research interests include wireless networks and communications, future Internet technology and network virtualization, mobile cloud computing. He manages research projects funded by various sources such as UK EPSRC, EU FP7/H2020 and industries. He has published 100+ journal papers. He serves on the editorial boards of both IEEE and non-IEEE journals. He is a senior member of IEEE (since 2008) and a Fellow of IET (since 2009).
  • Supported by:
    This work is supported in part by the “973” Program of China under Grant(No. 2013CB329103);the National Natural Science Foundation of China under Grant(No. 61271171);the National Natural Science Foundation of China under Grant(No. 61401070);National Key Research and Development Program of China(No. 2016YFB0800105);the “863” Program of China under Grant(No. 2015AA015702);the “863” Program of China under Grant(No. 2015AA016102)

Abstract:

Distributed Denial of Service (DDoS) attacks have been one of the most destructive threats to Internet security. By decoupling the network control and data plane, software defined networking (SDN) offers a flexible network management paradigm to solve DDoS attack in traditional networks. However, the centralized nature of SDN is also a potential vulnerability for DDoS attack. In this paper, we first provide some SDN-supported mechanisms against DDoS attack in traditional networks. A systematic review of various SDN-self DDoS threats are then presented as well as the existing literatures on quickly DDoS detection and defense in SDN. Finally, some promising research directions in this field are introduced.

Key words: software defined networks, SDN security, DDoS, detection method, defense mechanism